In association with heise online

02 August 2011, 15:01

Microsoft improves the protection of its geographic location database

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Microsoft Logo

Shortly after hacker Elie Bursztein announced that Microsoft's database containing the geographic locations of scanned Wi-Fi access points could be exploited for unauthorised purposes, the company collaborated with Bursztein to fix the hole. In a statement released on Monday (1 August), Microsoft said that it had already added a filter to the geographic location database to block unauthorised database queries the day after Bursztein posted his blog entry on Saturday (30 July).

Bursztein had announced that he would present a description of his hack at the Black Hat Conference in Las Vegas, which began on Saturday. Microsoft's fast response should ensure that Bursztein's presentation, which is scheduled for tomorrow (Wednesday 3 August), won't create a privacy threat for the company's geographic location database.

The database in question contains observations of MAC addresses, detected signal strengths and Wi-Fi standards that were used by countless individual access points. When users establish their geographic location with a Windows Phone 7 device, their phone notifies the Microsoft servers of all available Wi-Fi networks and looks up the location of the available access points in the database. This allows the phone can to work out from the available signal strengths, the position of known Wi-Fi access points and in turn establish its own location. But at the same time, this process also feeds Microsoft's database with information on previously unknown wireless networks.

Other smartphones use similar methods to establish their geographic location via a database from, for example, Google, Apple or Skyhook. But these services have also had to deal with data security holes in the past.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit