On 7/13/14 11:25 AM, [email protected] wrote:
>Using cells to hash wifis could be a real issue but it would be a safe
>method. (so you need at least one wifi and one cell)
A hash of cell ID + BSSID is relatively easy to attack by means of brute force.
Assuming an attacker has a list of cells and their locations (if not from
Mozilla, then from one of the other projects), he can filter by location and
thus obtain all cells in his area of interest. An attacker could filter for one
single provider and network type to further reduce the number of cells to try.
In my neighborhood I hit a new cell every 1-2 km, so the coverage area of a
cell is somewhere in the 1-4 kmĀ² range there - and is even less dense in less
populated areas.
Other problems with using a cell ID to salt the BSSID hash are: multiple
cells in the same area, multiple cell networks in the same area, and
client devices that don't have cell radios (like desktop browsers) can't
generate the salted hash.
chris
_______________________________________________
dev-geolocation mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-geolocation
