Geolocation on ESP8266 without GPS Module, only WiFi

When I think about geolocation in I normally think about global navigation satellite systems such as GPS, GLONASS, Galileo, or Beidou, as well as IP geolocation, but the latter is highly inaccurate, and often only good for find out about the country, region, or city.

But if you’ve ever been into your phone location settings, you’d know GPS is only one option, as it can also leverage cellular base stations and WiFi SSIDs, where the former working where there’s coverage, and the later in area with a high enough density of access points. Somehow, I had never thought about using such technology to find location with WiFi modules until Espressif Systems released an application note entitled “Geolocating with ESP8266“.

This document describes how the ESP8266 module may be used to scan for nearby Wi-Fi access points and, then, use their SSID, RSSI and MAC address to obtain a potential fix on the device’s geolocation, using Google geolocation API.

That’s basically a two step process with an AT command returning the list of available APs, SSID, RSSI, and MAC Address:


and after setting up a secure SSL connection, you can then feed that data to Google Geolocation API to get the location with a command that looks like (wifiAccessPoint data not filled here):


Further research led me to m0xpd experimentation with Geolocation on ESP8266 last year, using both IP geolocation (found to be very inaccurate), and Google or Mozilla APIs, and posted his Arduino source code on Github. The Google API found his actual home in Manchester with just the information retrieved from the list of access points.

That also means that unsecured devices on the public Internet can easily be located, as an hacker logins to a router or IoT device, he just needs to run a command to find out the information required by his preferred geolocation API.

Share this:

Support CNX Software! Donate via cryptocurrencies, become a Patron on Patreon, or purchase goods on Amazon or Aliexpress

ROCK 5 ITX RK3588 mini-ITX motherboard
Subscribe
Notify of
guest
The comment form collects your name, email and content to allow us keep track of the comments placed on the website. Please read and accept our website Terms and Privacy Policy to post a comment.
8 Comments
oldest
newest
tkaiser
tkaiser
7 years ago

Thank you for the nice map screenshot (Longdong Avenue — LOL!) and especially the last sentence. But it should be noted that this is not related to ESP8266 at all since as soon as you ‘hacked’ any IoT device able to do wireless scans you’re already done. If you get access to a networked Raspberry Pi 3 for example all you need to locate the device is the output from ‘iwlist wlan0 scan’ (unless the Raspberry is in a rural area)

tkaiser
tkaiser
7 years ago

cnxsoft :
The many routers / modems directly connected to the Internet with default username / password are prime targets.

No need for this! The Internet of shitty things never receives upgrades, dnsmasq is almost everywhere and since yesterday we know how to open these boxes remotely 🙂

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Martin Schlatter
Martin Schlatter
7 years ago

Your last sentence is absolutely right and a bit scary!

Germán Martín
7 years ago

Some time ago, I built a library for Arduino IDE that uses Google Geolocation to get position without GPS, listening to surrounding WiFi APs. It can be used with esp8266, esp32 and arduino mkr1000.
Code can be checked on https://github.com/gmag11/ESPWifiLocation

Regards

Sander
Sander
7 years ago

I didn’t know about the Google Geo service “Wifi-MAC => Location” … Thank you CNXsoft and Tkaiser.

tkaiser
tkaiser
7 years ago

@Sander Well, that such public services exist should be alarming since this is just the tip of the iceberg confirming the more serious problem that every wireless device out there that is trackable gets tracked and helps tracking everything around all the time (with data ending up somewhere in private data centers euphemistically called ‘the cloud’ so already accessible by 3 letter agencies and sooner or later by hackers or everyone since ‘cloud security’ is plain BS and has never worked so far). How are these databases fed? By dumb people combined with ‘smart phones’ with location services enabled and… Read more »

Boardcon Rockchip and Allwinner SoM and SBC products