One Article Review
| Source |  Errata Security |
|---|---|
| Identifiant | 403957 |
| Date de publication | 2017-09-04 23:06:46 (vue: 2017-09-04 23:06:46) |
| Titre | State of MAC address randomization |
| Texte |  tldr: I went to DragonCon, a conference of 85,000 people, so sniff WiFi packets and test how many phones now uses MAC address randomization. Almost all iPhones nowadays do, but it seems only a third of Android phones do.Ten years ago at BlackHat, we presented the "data seepage" problem, how the broadcasts from your devices allow you to be tracked. Among the things we highlighted was how WiFi probes looking to connect to access-points expose the unique hardware address burned into the phone, the MAC address. This hardware address is unique to your phone, shared by no other device in the world. Evildoers, such as the NSA or GRU, could install passive listening devices in airports and train-stations around the world in order to track your movements. This could be done with $25 devices sprinkled around a few thousand places -- within the budget of not only a police state, but also the average hacker.In 2014, with the release of iOS 8, Apple addressed this problem by randomizing the MAC address. Every time you restart your phone, it picks a new, random, hardware address for connecting to WiFi. This causes a few problems: every time you restart your iOS devices, your home network sees a completely new device, which can fill up your router's connection table. Since that table usually has at least 100 entries, this shouldn't be a problem for your home, but corporations and other owners of big networks saw their connection tables suddenly get big with iOS 8.In 2015, Google added the feature to Android as well. However, even though most Android phones today support this feature in theory, it's usually not enabled.Recently, I went to DragonCon in order to test out how well this works. DragonCon is a huge sci-fi/fantasy conference in Atlanta in August, second to San Diego's ComicCon in popularity. It's spread across several neighboring hotels in the downtown area. A lot of the traffic funnels through the Marriot Marquis hotel, which has a large open area where, from above, you can see thousands of people at a time.And, with a laptop, see their broadcast packets.So I went up on a higher floor and setup my laptop in order to capture "probe" broadcasts coming from phones, in order to record the hardware MAC addresses. I've done this in years past, before address randomization, in order to record the popularity of iPhones. The first three bytes of an old-style, non-randomized address, identifies the manufacturer. This time, I should see a lot fewer manufacturer IDs, and mostly just random addresses instead.I recorded 9,095 unique probes over a couple hours. I'm not sure exactly how long -- my laptop would go to sleep occasionally because of lack of activity on the keyboard. I should probably setup a Raspberry Pi somewhere next year to get a more consistent result.A quick summary of the results are:The 9,000 devices were split almost evenly between Apple and Android. Almost all of the Apple devices randomized their addresses. About a third of the Android devices randomized. (This assumes Android only randomizes the final 3 bytes of the address, and that Apple |
| Envoyé | Oui |
| Condensat | $25 almost 000 095 0in 0pt; 100 1562 2014 2015 226 2500 309 412 4498 505 579 5in; 646 75in 75in; 9095 @page about above access across activity actually added address addressed addresses ago airports align:bottom; align:general; all allow almost alps also amazon among android androids apparently apple apple are are:the area around arris askey assumes assuming assumption asustek atlanta august average azurewave background barnes&nobl because before below between big blackberry blackberry blackhat blu border:none; broadcast broadcasts budget building burned but buy bytes can canon capture capturing cars causes charset:0; chi clover cnet co color:black; com com comiccon coming comm comp completely conference connect connecting connection consistent corp corporations could count counted couple data decimal decoration:none; demand device devices diego displayed done downtown dragoncon driving ebooks either electr enabled endfragment entries entry essys even evenly every evildoers exactly explanation:the expose family:calibri feature fewer fi/fantasy fill final first floor following font footer ford format:general; foxconn from full funnels get going google gopro got group gru guesses guessing hacker half hardware has have header higher highlighted home hotel hotels hours how however htc huawei huawei huge identifies identifying ids ignore:padding; inc inc inpro install instead instr intel ios iphones item jjplus just keyboard kindle kyocera l lack laptop large lastly least left left:1px; lg licenses like likely link listening lite little long looking lot lot of mac mac address macbooks made major makers making manufacturer manufacturers many margin: margin:1 marquis marriot may maybe mei microsoft mobile mobile more most mostly motor motorola motorola movements mso murata nearly neighboring netw network networks new next nintendo non not now nowadays nsa number numbers occasionally off old older on oneplus only open order other out over owners p packets padding passive past pattern:auto; people phone phone phones picks places point points police popularity pre presented private probably probe probes problem problems: product protection:locked quanta quick random randomization randomize randomized randomizes randomizing the raspberry recently record recorded records release remember: represents restart result results right:1px; roku rotate:0; roughly router ruckus ruckus samsung san sans saw sci second see seems seepage sees separator: serif; setup several shared should shouldn since size:12 sleep sniff software/brand some somewhere sonim sonos sony source:auto; space:nowrap; sparklan split spread sprinkled startfragment state stations stopped store style style:normal; such suddenly summary support sure table tables tct tec tech techn techno ten test texas text them themselves theory these things think third those though thousand thousands three through time tldr: today top:1px; total track tracked traffic train turned two unique uses usually vendor vertical visible; vizio w walking weight:400; well went where which white who wi2wi wifi within works world would wrong xiaomi year years your yulong zte zte |
| Tags | |
| Stories | |
| Notes | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.