Redefining Digital Privacy by Outsmarting Wireless Tracking

In an age where the internet is woven into our daily lives, privacy concerns are on the rise. From cookies tracking online behavior to geolocation services pinpointing a person’s location, the digital age has increasingly become a double-edged sword.

Erik Rye, a fourth-year Ph.D. student in computer science at the University of Maryland, is aware of these issues, noting that as technology evolves, so do novel methods used to collect, analyze, and sometimes exploit personal data.

To help counter these threats, Rye is focusing his doctoral studies on security and privacy, even though his journey into the world of cybersecurity was somewhat unconventional.

After graduating from the United States Naval Academy in 2008 with a mathematics degree, he initially considered additional training for a medical career in the military. His path shifted after serving overseas as a Marine Corps officer, and he reengaged with a mathematics-based field of study, earning master’s degrees in both computer science and applied mathematics from the Naval Postgraduate School.

It was there where Rye says he found his true calling—a passion for solving complex problems arising from wireless security and digital tracking concerns.

“I never saw myself in this field,” he says. “But once I got into it, I realized how much of a difference this work can make—and that’s what keeps me going.”

Since arriving at UMD in 2022, Rye has been working closely with his adviser, Associate Professor of computer science Dave Levin, exploring how digital devices can be tracked—not just through websites, but via the very network infrastructure that powers the internet. Much of Rye’s recent work is centered on how wireless access points and Internet Protocol (IP) addresses can trace users over time and across the globe, exposing a deeper, often overlooked layer of digital surveillance.

Unlike more familiar tracking methods, such as cookies or targeted ads, Rye’s work uncovers how unique identifiers—like Wi-Fi router Media Access Control (MAC) addresses—can be used to follow individuals. Traditionally, these addresses have been static, meaning that anyone with access to a router’s MAC address could pinpoint its exact location. By aggregating these identifiers globally, Rye and Levin discovered new ways to track users’ movements.

“We realized that by querying Apple’s geolocation service, we could map wireless access points from all over the world with surprising accuracy,” Rye explains. 

This breakthrough allowed them to trace millions of routers—even in remote areas—simply by knowing their MAC addresses. The implications were far-reaching: with just this data, it was possible to track an individual’s location, movements, and even daily routines.

Levin notes that Rye’s work specifically targeted these hidden privacy leaks, which is no easy feat.

“If it were obvious where these privacy lapses were, they’d have been fixed by now,” says Levin, who has an appointment in the University of Maryland Institute for Advanced Computer Studies and is a core faculty member in the Maryland Cybersecurity Center. “Instead, they’re buried within massive amounts of data—hidden needles in a global haystack. Erik, however, has an uncanny ability to build powerful magnets that can find them.”

Rye’s research took an unexpected turn when he began exploring how this tracking vulnerability might be used in conflict zones, particularly in Ukraine, where the ongoing war and the use of the Starlink satellite internet technology introduced new privacy risks.

In May 2024, Rye and Levin published a study revealing that Apple’s Wi-Fi-based Positioning System (WPS) could allow unprivileged attackers to track device movements globally by querying the WPS database with Wi-Fi access point MAC addresses.

By analyzing the WPS data, Rye and Levin tracked military personnel and devices entering Ukraine, revealing military positions and pre-deployment sites. They also followed Ukrainian refugees fleeing the country, validating reports of where they had resettled. In Gaza, the same technique was used to monitor the loss of devices, highlighting how the system can inadvertently track civilians in war zones. For Ukrainian forces, this posed a serious security threat, as adversaries could use this data to pinpoint military locations.

Click HERE to read the full article