http://levigundert.com/savvyintel/50896728552
You may have missed last year’s iPhone data leakage story due to a short news cycle, but it’s actually an important potential vulnerability with plenty of practical implications.
Your iPhone is leaking your recent location to anyone who cares to listen. Your iPhone doesn’t just broadcast recently visited wireless access point Service Set Identifiers (SSIDs); it also broadcasts the associated MAC addresses for any access point (AP) in the recent vicinity of your iPhone. Your phone’s wireless AP history may go back days, and practically speaking this means that your daily movements may be trivially tracked. Apple most likely views this as a feature that facilitates quick wireless acquisition, and personally I appreciate the design thought, but the tracking potential is extremely concerning.
If you want to test this “feature” there are plenty of tools ready to assist including Airodump, Kismet, or Wireshark. For maximum effect buy an antenna like the USB Yagi and then fire up any of the aforementioned tools.
You will be looking for iPhone probe requests. If you use the Yagi antenna you will have no problem picking these up. A specific BackTrack application called “easy iPhone” uses a filter to identify iPhones within a packet capture (PCAP). If you can’t spot the probe requests in real time, save the PCAP and then use ngrep to identify them. The requests will contain the AP SSID and MAC address that the iPhone is searching for.
An even easier solution for cataloging probes and mapping them is iSniff-GPS, a slick Django application that visualizes iPhone data from imported PCAPs. It was officially released last year as a “passive sniffing tool for capturing and visualizing WiFi location data disclosed by iOS devices”. Imagine if McDonald’s or Starbucks ran an instance of iSniff-GPS in every one of their global locations. The implications are significant for those of us who still like to believe we can retain some shred of public movement privacy.
Military and law enforcement iPhone users should be especially aware of this iPhone “feature”. To mitigate some of the risk simply turn off your iPhone’s WiFi when you aren’t explicitly using it. This isn’t a complete solution, but it certainly decreases the time that this data is available to attackers (or advertisers).
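To audit what your own handset discloses, for instance before and after turning WiFi off, the probe request fields described above can be pulled out of captured frames and filtered to your device's MAC. This is an added example, not code from the original post or from iSniff-GPS; the frame bytes, MAC addresses and SSIDs are constructed, and it assumes bare 802.11 frames with any radiotap header and trailing FCS already removed.

```python
def mac(b):
    return ":".join(f"{x:02x}" for x in b)

def parse_probe_request(frame):
    """Parse a bare 802.11 frame; return None unless it is a probe request."""
    if len(frame) < 24 or frame[0] != 0x40:   # version 0, type 0 (mgmt), subtype 4
        return None
    info = {"src": mac(frame[10:16]), "bssid": mac(frame[16:22]), "ssid": None}
    pos = 24                                   # tagged parameters follow the 24-byte header
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2:pos + 2 + length]
        if len(body) < length:                 # truncated element: stop, SSID stays None
            break
        if tag == 0:                           # element ID 0 carries the SSID
            info["ssid"] = body.decode("utf-8", "replace")
            break
        pos += 2 + length
    return info

def disclosed_networks(frames, own_mac):
    """(ssid, bssid) pairs that own_mac named in directed probes; wildcard probes are skipped."""
    seen = set()
    for f in frames:
        p = parse_probe_request(f)
        if p and p["src"] == own_mac and p["ssid"]:
            seen.add((p["ssid"], p["bssid"]))
    return sorted(seen)

def build(fc, src, bssid, ssid):
    """Constructed sample frame: header, SSID element, one supported-rates element."""
    hdr = bytes([fc, 0, 0, 0]) + b"\xff" * 6 + src + bssid + b"\x00\x00"
    return hdr + bytes([0, len(ssid)]) + ssid + bytes([1, 1, 0x82])

OWN = bytes.fromhex("020000000001")            # constructed, locally administered MACs
OTHER = bytes.fromhex("020000000002")
BCAST = b"\xff" * 6
SAMPLE_FRAMES = [
    build(0x40, OWN, bytes.fromhex("02aabbccdd01"), b"HomeWiFi"),  # directed probe
    build(0x40, OWN, BCAST, b""),              # wildcard probe, names no network
    build(0x40, OTHER, BCAST, b"CafeGuest"),   # someone else's device
    build(0x80, OWN, OWN, b"NotAProbe"),       # beacon, not a probe request
    build(0x40, OWN, BCAST, b"Office")[:28],   # truncated SSID element
]

if __name__ == "__main__":
    for ssid, bssid in disclosed_networks(SAMPLE_FRAMES, mac(OWN)):
        print(ssid, bssid)
```

An empty result for your own MAC after a change means the capture contained no directed probes from it, not that none were ever sent, so capture for long enough to cover several scan cycles.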
It should be mentioned that any potential location-aware attack is predicated on an attacker obtaining lat/long coordinates for WiFi AP MAC addresses in order to determine actual movement patterns. Google may assist when provided with two MAC addresses in the same area. Wigle.net is a free database, but somewhat limited. Skyhook is on par with Google, and Google previously used Skyhook’s data.
Even if you don’t work in a sensitive job function you should consider the personal security implications of leaving WiFi turned on when you’re out and about. Plenty of people and organizations are only too happy to collect your location data for research purposes, malicious purposes, and everything in between.