
iOS 8 Update



Your MAC address was a perfect unique identifier. The next best thing is the list of APs you're broadcasting for. That's likely to be unique for at least your household which ought to be sufficient for most purposes.


I can't see how the changes will affect the current operation of the Pineapple, things like Karma will still work just fine. The AP responds to the probe using the supplied (spoofed) MAC and then the client connects with its own genuine MAC. The changes are intended to have no effect on the normal operation of WiFi.


Your MAC address was a perfect unique identifier. The next best thing is the list of APs you're broadcasting for. That's likely to be unique for at least your household which ought to be sufficient for most purposes.

With a randomised MAC address per probe, how would you know that any given set of SSIDs came from a specific client though?


I'm assuming that only you will have your home router in the set. The remainder will identify your device from the others in your household.


I'm assuming that only you will have your home router in the set. The remainder will identify your device from the others in your household.

I'm sorry, I'm not sure I follow. With a random MAC address per probe, how would you know where any probe request came from, or even how many devices were sending the probes that you see? Are we talking about just general device identification here?


I'm sorry, I'm not sure I follow. With a random MAC address per probe, how would you know where any probe request came from, or even how many devices were sending the probes that you see? Are we talking about just general device identification here?

Not easy (or foolproof) by any means, but I guess you could do statistical analysis based on SSID names, timing, signal strength, etc., so even if the MAC address is random per probe you can work out to a reasonable probability over time which devices are around. I guess a single device is going to constantly probe for the same SSIDs repeatedly - so over time you can infer certain things.


Not easy (or foolproof) by any means, but I guess you could do statistical analysis based on SSID names, timing, signal strength, etc., so even if the MAC address is random per probe you can work out to a reasonable probability over time which devices are around. I guess a single device is going to constantly probe for the same SSIDs repeatedly - so over time you can infer certain things.

For general wifi tracking though, like that one on the streets of London (http://www.theregister.co.uk/2013/08/12/spy_bins_scrapped_from_london_streets/), do you think anything like that would be possible? With such a mass of devices coming through, even with half of them being iOS, the amount of data being pumped out would make it near impossible, surely?

The signal strength could be useful, but from experience, it's not nearly accurate enough to pin down a device in a dynamic environment like that. All it takes is one small shift of an object like a bus to completely alter signal strength for a huge swathe of devices.

I guess time is the biggest factor here, but you generally don't have very prolonged periods where the devices you want to track are in range.


You're combining two problems of which only 1 got harder because of this. I am indeed assuming that the transmission by which a phone seeks its AP contains all known APs to that device. I think it's fair to assume then that the list of APs identifies a device as uniquely as its MAC would.

The issue of directionality of the transmission to triangulate, a hot topic in the Hacks & Mods section, is separate and, given the assumptions mentioned first, unchanged.


You're combining two problems of which only 1 got harder because of this. I am indeed assuming that the transmission by which a phone seeks its AP contains all known APs to that device. I think it's fair to assume then that the list of APs identifies a device as uniquely as its MAC would.

The issue of directionality of the transmission to triangulate, a hot topic in the Hacks & Mods section, is separate and, given the assumptions mentioned first, unchanged.

The phone doesn't transmit the entire list in one go though. Each SSID is probed for using its own probe request. If you're searching for 10 SSIDs, you send out 10 separate probe requests. Each of these probe requests would contain a unique MAC address, so how would you know they all came from the same device? If 2 devices are sat next to each other and send a set of probes, without some prior knowledge or some serious work, you can't identify the devices uniquely. This also becomes more difficult as more devices are present.

When I say tracking I'm not talking about triangulation. It is still just as possible to triangulate a broadcast, it's just a lot harder to tie each broadcast together as you no longer have the unique identifier present in each frame, the MAC address.

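Added example, not part of any post in this thread: a small simulation of the point argued above, that one directed probe per saved SSID with a fresh source MAC each time leaves nothing for MAC-keyed grouping to work with. The device list, SSID names and function names are constructed for illustration, per-probe randomisation is the assumption the posters make, and the generated addresses set the locally-administered bit as randomised MACs conventionally do.

```python
import random
from collections import defaultdict

def random_probe_mac(rng):
    """Random MAC with the locally-administered bit set and the multicast bit clear."""
    first = (rng.randrange(256) | 0x02) & 0xFE
    rest = [rng.randrange(256) for _ in range(5)]
    return ":".join(f"{b:02x}" for b in [first] + rest)

def probes(devices, randomise, rng):
    """One directed probe request (source MAC, SSID) per saved network.

    devices maps each device's real MAC to its saved SSIDs (constructed data).
    """
    frames = []
    for real_mac, ssids in devices.items():
        for ssid in ssids:
            src = random_probe_mac(rng) if randomise else real_mac
            frames.append((src, ssid))
    rng.shuffle(frames)  # an observer sees frames from all devices interleaved
    return frames

def group_by_source(frames):
    """What an observer keyed on source MAC can reconstruct per address."""
    seen = defaultdict(set)
    for src, ssid in frames:
        seen[src].add(ssid)
    return dict(seen)

# Constructed sample: two phones in one household sharing a home network.
# MACs are taken from the RFC 7042 documentation range.
DEVICES = {
    "00:00:5e:00:53:01": ["HomeNet", "CoffeeShop", "OfficeGuest"],
    "00:00:5e:00:53:02": ["HomeNet", "Gym", "Airport-Free"],
}

def compare(seed=1):
    """Return (grouping with fixed MACs, grouping with a random MAC per probe)."""
    rng = random.Random(seed)
    fixed = group_by_source(probes(DEVICES, False, rng))
    randomised = group_by_source(probes(DEVICES, True, rng))
    return fixed, randomised

if __name__ == "__main__":
    fixed, randomised = compare()
    print("fixed MAC:           ", fixed)
    print("random MAC per probe:", randomised)
```

With fixed addresses each device's full SSID set falls out of the grouping; with a random address per probe every group holds a single SSID and the number of devices is no longer visible from the source MAC alone.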

Okay, just read the article. Looks like it uses the real address when it connects.

Yeah, it will always have to use the real MAC when connecting, otherwise there would be all sorts of issues. The MAC address in each probe though, which is generally what's used to track you, can be anything and it doesn't really matter.


By now you have probably heard of the iOS 8 security update (one of many articles: http://www.techdigest.tv/2014/06/apples_ios8_add.html) regarding MAC addresses. What effects will this have on the pineapple? Will this affect the changes currently being developed for Defcon?

It only affects potential tracking features. Apple would rather you license their iBeacon stuff for tracking/marketing/analytics than get the MAC for "free".
