WiFi access points are growing like mushrooms after the rain. Every day, there are more and most of them are protected with WEPWPA or WPA2 security mechanisms, whereas some of them are open to the public (either on purpose or by accident).

Sometimes it would be interesting to know the exact location of certain access points. In general, we can achieve this by triangulation, but the process can be nontrivial and normally we need some sort of special equipment. However, there is an easier way to do this: enter Google Location Services. Not many people are aware of this service, even though it was integrated with Firefox quite some time ago. It enables us to send our geographical location (coordinates) to web sites we trust if they need it. Google Location Services calculates our location by considering signal strenghts to our nearby wireless networks. We can use this service to determine our geographical location, but we can also use it to locate wireless access points by sending a request to Google Location Services, which defines maximal signal strength to each access point.

We conducted an experiment in our lab. With an external antenna we captured all the beacons around us. In these packets there are also BSSID values, which are in fact MAC addresses of WiFi access points. This way we compiled a database of MAC addresses of all visible WiFi access points around us. Finally, we sent a location request to Google Location Services for every access point and constructed a KML file from the answers. See the results below.