Microsoft improves the protection of its geographic location database
Shortly after hacker Elie Bursztein announced that Microsoft's database containing the geographic locations of scanned Wi-Fi access points could be exploited for unauthorised purposes, the company collaborated with Bursztein to fix the hole. In a statement released on Monday (1 August), Microsoft said that it had already added a filter to the geographic location database to block unauthorised database queries the day after Bursztein posted his blog entry on Saturday (30 July).
Bursztein had announced that he would present a description of his hack at the Black Hat Conference in Las Vegas, which began on Saturday. Microsoft's fast response should ensure that Bursztein's presentation, which is scheduled for tomorrow (Wednesday 3 August), won't create a privacy threat for the company's geographic location database.
The database in question contains observations of MAC addresses, detected signal strengths and Wi-Fi standards that were used by countless individual access points. When users establish their geographic location with a Windows Phone 7 device, their phone notifies the Microsoft servers of all available Wi-Fi networks and looks up the location of the available access points in the database. This allows the phone can to work out from the available signal strengths, the position of known Wi-Fi access points and in turn establish its own location. But at the same time, this process also feeds Microsoft's database with information on previously unknown wireless networks.
Other smartphones use similar methods to establish their geographic location via a database from, for example, Google, Apple or Skyhook. But these services have also had to deal with data security holes in the past.
See also:
- Microsoft releases Wi-Fi data collection source code, a report from The H.
- Wi-Fi MAC addresses: Google's long-term memory, a report from The H.
- Apple officially responds to iPhone location tracking concerns, a report from The H.
(ehe)