Sniffing tool for capturing WiFi location data disclosed by iOS devices (github.com/hubert3)
94 points by casca on May 11, 2013 | 21 comments



It isn't only iOS devices that do this. All operating systems probe for SSIDs that they have been previously associated with; that's what makes devices like the WiFi Pineapple possible [0].

[0] http://hakshop.myshopify.com/products/wifi-pineapple


However, Apple devices do do "optimization" to get on the network quickly. If you previously associated with a SSID, it'll get reconnected much faster.

See http://cafbit.com/entry/rapid_dhcp_or_how_do


I had to install aircrack-ng. Upon doing so and watching for about 30 minutes, I saw my MacBook Pro and iPhone 5 both leak an uncomfortable amount of probes for SSIDs my devices have attached to. The thing is, quite a few SSID names are unique enough it nailed the specific devices I had attached to and through Apple's geo-coordinate database, their coordinates.

If the author is reading I just sent a pull request for a defect in the 'SSID Search' page. Thanks.


I didn't realize looking for SSIDs was an active process. Why wouldn't it just listen for broadcast SSIDs? Is this only for hidden ones?

Regardless, headline should not single out iOS unless this is iOS specific - maybe it is? Readme says: "iPhones, iPads and other wireless devices"


I'm curious to know if this is an iOS only issue. It seems to me that any device that remembers past SSIDs would look for them actively. That way the user gets on their preferred network whenever it's available. Then anyone with access to a database with GPS coordinates for base stations would be able to achieve the same effect, no?


Mobile phones are rife with security concerns, and this article is merely another in a long list.

This is why I choose to purchase pre-paid (burner) type devices, which have the added bonus of not locking me into any restrictive "contracts."


Whether or not your phone is disposable seems not to be relevant to this attack, such as it is. Your device will still leak information suggesting where you have recently been.


I see why this is interesting, but how or when would it be practical or useful?


Check the SSID they are looking for, set up the network they want, establish a connection and then MITM their connection.

This is what products like the Pineapple are set up to exploit and automate. It really is a lot of fun trying it out and pranking friends:

http://hakshop.myshopify.com/products/wifi-pineapple


I think the point is that iOS devices inadvertently leak the privacy of the user. This hack exploits that leak.


You could install this in a retail store to get competitive intel on where your customers have previously browsed or been.


Something like this seems... illegal. Isn't this type of data farming only allowed after explicit permission of the user?


What would be illegal about it? The phone is advertising the MACs, just the same as if you wore a shirt that had your home address on it.


Storing personally identifiable data about people is covered and controlled by EU Data Protection law. Broadly, you have to have a legitimate, legal, proportional reason for storing personal data on people. You probably need their consent.


Sadly this has already been happening for a while: http://techcrunch.com/2013/02/21/euclid-the-google-analytics...


Perhaps not for honest folk like yourself, but there are obvious ways that it could be used for evil - set up an access point with the same name and MAC address to sniff traffic and/or perform all sorts of man-in-the-middle attacks.


Headline is hyperbole. According to the linked page, iOS devices leak some network information and it may be possible to analyse this to establish where the device's owner lives.


How is this a hyperbole? The device broadcasts MAC address of previously connected, which is easily converted into geographical coordinates.


As far as I remember this is a feature: the WiFi connection stack on OS X is trying to connect to recent WiFi networks first with the MAC address, because that is much faster than trying to get a new lease and so on.


It also causes occasional IP-address conflicts. Had this happen before and traced it to an iPhone using an IP address it did not have a DHCP lease for.


"Presented at Blackhat USA July 2012, code published on Github 2012-08-31."

Old news.



