Geolocation on ESP8266 without GPS Module, only WiFi

When I think about geolocation in I normally think about global navigation satellite systems such as GPS, GLONASS, Galileo, or Beidou, as well as IP geolocation, but the latter is highly inaccurate, and often only good for find out about the country, region, or city.

But if you’ve ever been into your phone location settings, you’d know GPS is only one option, as it can also leverage cellular base stations and WiFi SSIDs, where the former working where there’s coverage, and the later in area with a high enough density of access points. Somehow, I had never thought about using such technology to find location with WiFi modules until Espressif Systems released an application note entitled “Geolocating with ESP8266“.

This document describes how the ESP8266 module may be used to scan for nearby Wi-Fi access points and, then, use their SSID, RSSI and MAC address to obtain a potential fix on the device’s geolocation, using Google geolocation API.

That’s basically a two step process with an AT command returning the list of available APs, SSID, RSSI, and MAC Address:

and after setting up a secure SSL connection, you can then feed that data to Google Geolocation API to get the location with a command that looks like (wifiAccessPoint data not filled here):

Further research led me to m0xpd experimentation with Geolocation on ESP8266 last year, using both IP geolocation (found to be very inaccurate), and Google or Mozilla APIs, and posted his Arduino source code on Github. The Google API found his actual home in Manchester with just the information retrieved from the list of access points.

That also means that unsecured devices on the public Internet can easily be located, as an hacker logins to a router or IoT device, he just needs to run a command to find out the information required by his preferred geolocation API.

8 Replies to “Geolocation on ESP8266 without GPS Module, only WiFi”

  1. @tkaiser
    The map is the location of Espressif Systems office in Shanghai 🙂

    Yes, it affects anything connected to the Internet with WiFi. That’s why I did not mention ESP8266 in particular in the last sentence. The many routers / modems directly connected to the Internet with default username / password are prime targets.

  2. Thank you for the nice map screenshot (Longdong Avenue — LOL!) and especially the last sentence. But it should be noted that this is not related to ESP8266 at all since as soon as you ‘hacked’ any IoT device able to do wireless scans you’re already done. If you get access to a networked Raspberry Pi 3 for example all you need to locate the device is the output from ‘iwlist wlan0 scan’ (unless the Raspberry is in a rural area)

  3. I didn’t know about the Google Geo service “Wifi-MAC => Location” … Thank you CNXsoft and Tkaiser.

  4. @Sander
    Well, that such public services exist should be alarming since this is just the tip of the iceberg confirming the more serious problem that every wireless device out there that is trackable gets tracked and helps tracking everything around all the time (with data ending up somewhere in private data centers euphemistically called ‘the cloud’ so already accessible by 3 letter agencies and sooner or later by hackers or everyone since ‘cloud security’ is plain BS and has never worked so far).

    How are these databases fed? By dumb people combined with ‘smart phones’ with location services enabled and constantly submitting everything they scan around to their device owners (Google, Apple, …). What if you want to opt-out of the ‘game’? This for example:

  5. You can actually even track people with that. All you need is their IP address…
    If you can find somebody’s email, you can send him/her an email with some HTML code pointing to your server (for example an image), and get their IP once they open their email. They don’t even need to answer.

    Then you’d have to get into the system with that IP, which can be very easy or extremely hard depending on how well it is secured. But if you get inside, then you’d get that person location with some decent accuracy.

    Using VPN or the Tor network would prevent this trick. Another alternative is to block external content from email, and my email client (Thunderbird) does that by default. It also depends how you access your email, as gmail does not block images anymore, as they use a proxy to load photos.

Leave a Reply

Your email address will not be published. Required fields are marked *