DrDinosaur, posted June 12, 2014:

By now you have probably heard of the iOS 8 security update (one of many articles: http://www.techdigest.tv/2014/06/apples_ios8_add.html) regarding MAC addresses. What effects will this have on the pineapple? Will this affect the changes currently being developed for Defcon?

cooper, posted June 12, 2014:

Your MAC address was a perfect unique identifier. The next best thing is the list of APs you're broadcasting for. That's likely to be unique for at least your household which ought to be sufficient for most purposes.

ScottHelme, posted June 12, 2014:

I can't see how the changes will affect the current operation of the Pineapple; things like Karma will still work just fine. The AP responds to the probe using the supplied (spoofed) MAC and then the client connects with its own genuine MAC. The changes are intended to have no effect on the normal operation of WiFi.

ScottHelme, posted June 12, 2014:

> Your MAC address was a perfect unique identifier. The next best thing is the list of APs you're broadcasting for. That's likely to be unique for at least your household which ought to be sufficient for most purposes.

With a randomised MAC address per probe, how would you know that any given set of SSIDs came from a specific client though?

cooper, posted June 12, 2014:

I'm assuming that only you will have your home router in the set. The remainder will identify your device from the others in your household.

ScottHelme, posted June 12, 2014:

> I'm assuming that only you will have your home router in the set. The remainder will identify your device from the others in your household.

I'm sorry, I'm not sure I follow. With a random MAC address per probe, how would you know where any probe request came from, or even how many devices were sending the probes that you see? Are we talking about just general device identification here?

Oli, posted June 12, 2014:

> I'm sorry, I'm not sure I follow. With a random MAC address per probe, how would you know where any probe request came from, or even how many devices were sending the probes that you see? Are we talking about just general device identification here?

Not easy (or foolproof) by any means, but I guess you could do statistical analysis based on SSID names, timing, signal strength, etc., so even if the MAC address is random per probe you can work out to a reasonable probability over time which devices are around. I guess a single device is going to constantly probe for the same SSIDs repeatedly, so over time you can infer certain things.

ScottHelme, posted June 12, 2014:

> Not easy (or foolproof) by any means, but I guess you could do statistical analysis based on SSID names, timing, signal strength, etc., so even if the MAC address is random per probe you can work out to a reasonable probability over time which devices are around. I guess a single device is going to constantly probe for the same SSIDs repeatedly, so over time you can infer certain things.

For general wifi tracking though, like that one on the streets of London (http://www.theregister.co.uk/2013/08/12/spy_bins_scrapped_from_london_streets/), do you think anything like that would be possible? With such a mass of devices coming through, even with half of them being iOS, the amount of data being pumped out would make it near impossible, surely? The signal strength could be useful, but from experience, it's not nearly accurate enough to pin down a device in a dynamic environment like that. All it takes is one small shift of an object like a bus to completely alter signal strength for a huge swathe of devices. I guess time is the biggest factor here, but you generally don't have very prolonged periods where the devices you want to track are in range.

cooper, posted June 12, 2014:

You're combining two problems of which only 1 got harder because of this. I am indeed assuming that the transmission by which a phone seeks its AP contains all known APs to that device. I think it's fair to assume then that the list of APs identifies a device as uniquely as its MAC would. The issue of directionality of the transmission to triangulate, a hot topic in the Hacks & Mods section, is separate and, given the assumptions mentioned first, unchanged.

ScottHelme, posted June 12, 2014:

> You're combining two problems of which only 1 got harder because of this. I am indeed assuming that the transmission by which a phone seeks its AP contains all known APs to that device. I think it's fair to assume then that the list of APs identifies a device as uniquely as its MAC would. The issue of directionality of the transmission to triangulate, a hot topic in the Hacks & Mods section, is separate and, given the assumptions mentioned first, unchanged.

The phone doesn't transmit the entire list in one go though. Each SSID is probed for using its own probe request. If you're searching for 10 SSIDs, you send out 10 separate probe requests. Each of these probe requests would contain a unique MAC address, so how would you know they all came from the same device? If 2 devices are sat next to each other and send a set of probes, without some prior knowledge or some serious work, you can't identify the devices uniquely. This also becomes more difficult as more devices are present.

When I say tracking I'm not talking about triangulation. It is still just as possible to triangulate a broadcast, it's just a lot harder to tie each broadcast together as you no longer have the unique identifier present in each frame, the MAC address.

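Added example, not part of any post in this thread: a short Python check of how much of a capture's probe traffic a stable source MAC ties together, which is the exposure per-probe randomisation removes. The records are constructed, the function names are hypothetical, and it assumes randomised addresses set the locally administered bit of the first octet, as the IEEE 802 convention for self-assigned addresses.

```python
from collections import defaultdict

# Constructed sample of (source MAC, probed SSID) pairs from probe requests.
# The first device keeps one MAC; the others use a fresh MAC per probe.
PROBES = [
    ("00:11:22:33:44:55", "HomeNet"),
    ("00:11:22:33:44:55", "CoffeeShop"),
    ("00:11:22:33:44:55", "Office-Guest"),
    ("da:a1:19:00:00:01", "HomeNet2"),
    ("f2:3b:77:10:20:30", "Airport-Free"),
    ("6e:09:c4:55:66:77", "Gym-WiFi"),
]

def is_locally_administered(mac):
    """True when bit 0x02 of the first octet is set (self-assigned address)."""
    return bool(int(mac.split(":")[0], 16) & 0x02)

def ssids_by_mac(probes):
    """Group probed SSIDs under the source MAC that carried them."""
    groups = defaultdict(set)
    for mac, ssid in probes:
        groups[mac.lower()].add(ssid)
    return dict(groups)

def exposure_report(probes):
    """Per MAC: is it self-assigned, and does it link several SSIDs together?"""
    return {
        mac: {
            "randomized": is_locally_administered(mac),
            "ssids": sorted(ssids),
            "linkable": len(ssids) > 1,  # one identifier ties a list of networks
        }
        for mac, ssids in ssids_by_mac(probes).items()
    }

def linkable_fraction(probes):
    """Share of probes whose MAC also appears on a probe for a different SSID."""
    groups = ssids_by_mac(probes)
    linked = sum(1 for mac, _ in probes if len(groups[mac.lower()]) > 1)
    return linked / len(probes) if probes else 0.0

if __name__ == "__main__":
    for mac, info in exposure_report(PROBES).items():
        print(mac, info)
    print("linkable fraction:", linkable_fraction(PROBES))
```
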
barry99705, posted June 13, 2014 (edited June 13, 2014 by barry99705):

Okay, just read the article. Looks like it uses the real address when it connects.

ScottHelme, posted June 13, 2014:

> Okay, just read the article. Looks like it uses the real address when it connects.

Yeah, it will always have to use the real MAC when connecting, otherwise there would be all sorts of issues. The MAC address in each probe though, which is generally what's used to track you, can be anything and it doesn't really matter.

Darren Kitchen, posted June 13, 2014:

> By now you have probably heard of the iOS 8 security update (one of many articles: http://www.techdigest.tv/2014/06/apples_ios8_add.html) regarding MAC addresses. What effects will this have on the pineapple? Will this affect the changes currently being developed for Defcon?

It only affects potential tracking features. Apple would rather you license their iBeacon stuff for tracking/marketing/analytics than get the MAC for "free".