A researcher based in Melbourne has come up with a tool that can use Apple's location services with the data iPhones and iPads send home to Apple when they join Wi-Fi networks, according to SCMagazine. This can potentially reveal where users are at any moment, including where they live.
Generally, Apple's devices, namely iPhones and iPads, send their locations to Apple's servers when they detect a Wi-Fi network nearby as long as GPS and Wi-Fi locations services are enabled. This allows Apple to keep a list of wireless access points anywhere in the world. This data is used by Apple to run its location services, and the data is not meant to be accessible to the public.
Apple's database isn't supposed to be accessible to the public
If a user queries the locaton of a single W-fi router's MAC address, Apple will reveal the MAC address and GPS information of hundreds of nearby access points, according to independent penetration tester Hubert Seiwert.
“You can send Apple a single MAC address of a wifi router and they will send back a result set including the GPS coordinates of that MAC address and about 400 others,” Seiwert said. “You can plug that MAC address into Apple's location service through iSniff GPS and you will get very precise information back from that.”
This reveals a major threat to security, both for Apple's servers, as well as iPhone and iPad users' privacy. Apple may have to make changes to the way its servers work soon or someone with more malicious intentions might make use of a similar tool.