Ask the Wi-Fi Guru: Episode 41

By Aaron Weiss

November 08, 2011

Our resident expert explains the mysteries of Wi-Fi location and examines the legal and ethical implications of sharing one paid Wi-Fi connection with multiple devices.

Q: I have both an old first-generation iPhone and a new HP TouchPad tablet. Both of these devices have a map app that shows my house location very accurately. But neither device has GPS. Supposedly they use Wi-Fi location. How does this work? How do they reveal where my house is and is there a security risk? – Michael

A: It is almost spooky, isn't it? How does a device with no GPS receiver know almost precisely where you are? As it turns out, GPS is still part of the answer, but not in quite the why you might think.

The first key to this puzzle is that every Wi-Fi router has a unique ID called a MAC address. This "Media Access Control" (MAC) address looks something like this: 01:23:45:67:89:ab

When a wireless client scans the local airwaves for a router it may connect to, it can "see" the MAC address of nearby routers. This is necessary for the two devices to establish communications. Even when the router refuses connection from a client --perhaps the client supplied an incorrect password or the client's MAC address is banned by the router -- the client has "seen" the router MAC address.

Suppose you wanted to construct a database noting the location of wireless routers in your city. You could drive around in a car with some specialized gear. This gear scans the airwaves for routers within earshot, and logs any router MAC addresses it finds. The car would also contain a real GPS receiver, tagging the log with the physical coordinates where the MAC address was detected.

If you drive around a whole city with a setup like this, you will eventually wind up with a fairly accurate database mapping Wi-Fi router MAC addresses to physical GPS coordinates.

In simple terms, this is how Wi-Fi location detection works. One of the main players in providing this service is a company called Skyhook, which provide the Wi-Fi location service used in early generations of iPhone and iPad devices, as well as other mobile phones. Google has Google Location Services, a similar technology available in Android and other devices (including the HP Touchpad) and built-into recent version of the Firefox browser.

Although Wi-Fi location is basically an abstraction layer built upon real GPS data, the system is not perfect. If a particular Wi-Fi router is replaced with another model, the new MAC address won't be in the system. In a less populated area, where only one or few routers can be seen in a given spot, this could lead to inaccurate results.

There are also security implications to Wi-Fi location services. The biggest risk involves MAC address spoofing. A hacker who has intruded into any device in a network can often obtain the MAC address of a wireless router in that network.

Using MAC address spoofing software, the hacker can then setup his own computer to use the stolen MAC address. When that machine contacts a Wi-Fi location service, that service returns the location of the victim's router. In other words, the hacker can learn the location of the compromised network, possibly with good accuracy.

There is no specific defense against this type of security risk, other than being sure that the normal security measures are in place to secure devices on your network (firewall, updated OS patches, anti-malware).

Q: At a paid Wi-Fi hotspot like a hotel or airport, is it possible to share the Wi-fi connection with more than one device? For example I might have a laptop and a tablet. I don't want to pay the Wi-Fi fee twice to use both. -- Anonymous

A: There are really three questions rolled into one here -- ethical, legal, and technical.

Legally: Whether a paid Wi-Fi hotspot lets you share the connection you've paid for with more than one device will depend on the Terms of Service you agree to when signing on.

Ethically: The situation seems like a gray area. On the one hand, paying for one Wi-Fi fee at a hotel and sharing that connection with four people in two adjoining rooms could be described as petty theft.

On the other hand, paying the fee once and using that connection from your laptop at the hotel desk and your tablet while in bed seems like a reasonable usage scenario for one person in this day and age. What about a couple staying in the same room? Like many ethical questions, clear answers can be hard to come by.

Technically, the answer is yes and maybe. Two methods come to mind most readily.

If you travel with a wireless router, this would probably be the easiest solution. First, sign up for the Wi-Fi service using a laptop and pay the fee. Once the laptop is registered and online, connect it to the router with an Ethernet cable and open the router's administration interface.

Many wireless routers have a feature called "clone MAC address" or some similar wording. This allows the router to masquerade using the MAC address from the laptop or computer connected to it. The router will copy the MAC address from your laptop. You can then plug the router into the hotel room's Ethernet connection, because the Wi-Fi hotspot will think the router is the registered, paid device.

Now you can use your laptop or any other wireless devices in your room to connect to your wireless router, effectively sharing the paid hotspot.

What if you don't have a wireless router? The options become more limited. One interesting solution that may work if you have a Windows 7 laptop is the "Virtual Router". This is free (and open source) software that leverages a feature built into Windows 7 (except for the Starter edition). Using Virtual Router, your laptop can behave like a wireless router, sharing its Internet connection with other wireless clients in the vicinity.

Therefore, if you have paid for access for your laptop, using Virtual Router will let you share that access with other devices. Note however that Virtual Router runs only on Windows 7 machines with some but not all wireless adapters. Consult the supported devices list for more information.

Aaron Weiss a technology writer, screenwriter and Web development consultant who spends his free time stacking wood for the winter in Upstate New York. His Web site is: bordella.com



Comment and Contribute
(Maximum characters: 1200). You have
characters left.