Privacy issues raised by Apple's new "Find My"

People are already discussing the mechanism and privacy implications of a new feature introduced at this year's WWDC: "How does Apple (privately) find your offline devices?".

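The previous generation, "Find my iPhone", needed a network connection and GPS data before a device would show up in the system. This generation adds a BLE beacon, and any iOS device that picks it up reports it back to Apple: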

Every active iPhone will continuously monitor for BLE beacon messages that might be coming from a lost device. When it picks up one of these signals, the participating phone tags the data with its own current GPS location; then it sends the whole package up to Apple’s servers.

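There are several privacy concerns: the relaying iOS device also exposes its own location to Apple, and can the iOS device that receives the BLE beacon itself decode information about the lost device? It also looks like merchants could use this mechanism to actively launch attacks and learn quite a lot of data (the article mentions how Apple previously strengthened privacy by randomizing MAC addresses, and this opens another hole). The information Apple has given so far is not clear enough; it will take actual reverse engineering to know for sure...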

GrabFood uses location data to correct restaurant information

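Grab's "How we harnessed the wisdom of crowds to improve restaurant location accuracy" was put together by their data team and covers how to use existing data to quickly correct restaurant information. The method described doesn't need machine learning; a few simple statistical algorithms are enough to quickly fix the existing setup.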

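This information is actually collected through the driver app that drivers use. The driver app sends a large amount of information back to the server (such as periodically reported GPS positions and pick-up status), and because these drivers know the area, the information in their heads is considerably more accurate than the map: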

One of the biggest advantages we have is the huge driver-partner fleet we have on the ground in cities across Southeast Asia. They know the roads and cities like the back of their hand, and they are resourceful. As a result, they are often able to find the restaurants and complete orders even if the location was registered incorrectly.

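So with this information they can work backwards to improve the map data. For example, from where a driver taps the "pick up" button and how long they stay there, they can estimate the restaurant's likely location, then compare that against the map data, which makes it easy to spot restaurants that have moved without the map being updated: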

Fraction of the orders where the pick-up location was not “at” the restaurant: This fraction indicates the number of orders with a pick-up location not near the registered restaurant location (with near being defined both spatially and temporally as above). A higher value indicates a higher likelihood of the restaurant not being in the registered location subject to order volume

Median distance between registered and estimated locations: This factor is used to rank restaurants by a notion of “importance”. A restaurant which is just outside the fixed radius from above can be addressed after another restaurant which is a kilometer away.

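There are also quite a few other improvements (for example, the driver must be within a certain distance of the restaurant before tapping "pick up", and this "distance" needs adjusting because the restaurant may be inside an indoor mall). The overall result shows up as a large drop in the order cancellation rate: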

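Overall it looks like the system generates a list that people then follow up on manually (such as calling the restaurant to ask?), but the list produced this way should be highly accurate (drivers aren't going to waste their own time by going somewhere odd to tap pick-up), and running simple algorithms over this data can quickly fix quite a few problems...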
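The two ranking signals quoted above, as an added example that is not Grab's code: for each restaurant it computes the fraction of pick-ups outside a fixed radius of the registered location and the median distance from it, then sorts the worst first. The 100 m radius, the minimum order count, the per-order pick-up point standing in for the "estimated location", and all sample coordinates are assumptions; the dwell-time half of "near" is left out.

```python
from math import radians, sin, cos, asin, sqrt
from statistics import median

def haversine_m(a, b):
    """Great-circle distance in metres between two (lat, lon) pairs."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371000 * asin(sqrt(h))

def score_restaurants(registered, pickups, radius_m=100, min_orders=3):
    """Return [(name, fraction_not_at, median_distance_m)], most suspicious first."""
    rows = []
    for name, reg in registered.items():
        dists = [haversine_m(reg, p) for p in pickups.get(name, [])]
        if len(dists) < min_orders:      # "subject to order volume": too little data
            continue
        frac = sum(d > radius_m for d in dists) / len(dists)
        rows.append((name, frac, median(dists)))
    # Fraction flags likely-wrong locations; median distance ranks their importance.
    return sorted(rows, key=lambda r: (r[1], r[2]), reverse=True)

# Constructed sample data (assumed restaurants and driver pick-up points).
REGISTERED = {"A": (1.3000, 103.8000), "B": (1.3100, 103.8100), "C": (1.3200, 103.8200)}
PICKUPS = {
    "A": [(1.3001, 103.8000), (1.3000, 103.8001), (1.2999, 103.8000), (1.3020, 103.8000)],
    "B": [(1.3190, 103.8100), (1.3191, 103.8101), (1.3189, 103.8099)],  # about 1 km off
    "C": [(1.3300, 103.8200)],           # only one order: skipped
}

if __name__ == "__main__":
    for name, frac, dist in score_restaurants(REGISTERED, PICKUPS):
        print(f"{name}: {frac:.0%} of pick-ups off-site, median {dist:.0f} m")
```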

Using environment recognition to improve positioning in Google Maps

Google uses environment recognition to improve the accuracy of GPS positioning in Google Maps (and also tries to solve the problem of inaccurate heading): "Using Global Localization to Improve Navigation".

Because GPS is a satellite signal, reflected signals cause the position to drift, like this:

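There is also the problem of an inaccurate compass. Google's solution is to transmit the current camera view and determine the likely location; the database behind it is presumably Street View imagery: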

This means the backend system is already capable of handling different weather conditions...

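But after looking at the keynote on YouTube, this was something mentioned at last year's Google I/O; the article showing up recently probably means it is starting to be offered to ordinary users? I've seen some people mention it on Facebook...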

Used outdoors, the privacy impact should still be within an acceptable range? Not really sure...

Obtaining PIN codes using a phone's sensors

Combining side-channel information with statistical methods gives a 74% success rate: "Phone Hack Uses Sensors To Steal PINs".

This data can be pulled out with just JavaScript in the browser, and then used to guess your phone's PIN:

Researchers from U.K.-based Newcastle University created a JavaScript app called PINlogger.js that has the ability to access data generated by the phone’s sensors, including GPS, camera, microphone, accelerometer, magnetometer, proximity, gyroscope, pedometer and NFC protocols.

And when more information can be captured (such as a second entry), the accuracy goes up further:

Using a sample set of 50 PINs, researchers found that their script was able to correctly guess a user’s PIN 74 percent of the time on the first try, which increases to 86 and 94 percent success rates on the second and third attempts.

Some browsers have made fixes that reduce the side-channel information, which makes this harder:

As for Firefox, starting from version 46 (released in April 2016), the browser restricts JavaScript access to motion and orientation sensors. Apple’s Security Updates for iOS 9.3 (released in March 2016), suspended the availability of motion and orientation data when the web view is hidden, according to researchers.

Google, on the other hand, has not fixed it:

As for Google, it’s unclear what measures have been taken. “Our concern is confirmed by members in the Google Chromium team, who also believe that the issue remains unresolved,” the report stated. Google did not reply to a request to comment for this report.

This attack is pretty neat... @_@

Microsoft's Time Service returns the wrong time...

It looks like there will be quite a bit of fallout (such as SQL Server running SQL queries that use the server-side time): "Windows Time Service is sending out wrong times and that’s a big problem". The report cites the Reddit thread "PSA: time.windows.com NTP server seems to be sending out wrong time".

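To avoid this kind of situation, different organizations use different approaches. Google, with its deep pockets, built its own atomic clocks and also released Google Public NTP for everyone to use. It can ensure the correctness of its own time without relying on external devices.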

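Others use a Raspberry Pi to receive GPS signals and turn them into an NTP service (such as the approach described in "The Raspberry Pi as a Stratum-1 NTP Server"), but there was an earlier incident where the time sent out by GPS was off by 13ms, so it isn't completely reliable either (though by comparison it should still be acceptable): "GPS error caused '12 hours of problems' for companies". Another possible option is GLONASS (the Russian system).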

Maybe at some point I'll need to set one up myself...
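A client-side sanity check for the failure described in this post, as an added example that is not from the linked articles: it parses the transmit timestamp from several NTP replies and flags any source whose offset is far from the median, so one upstream serving the wrong time gets outvoted. The server names, the 1-second threshold and the reply packets are constructed for the demo, and the check ignores round-trip delay.

```python
import struct
from statistics import median

NTP_EPOCH_DELTA = 2208988800  # seconds from 1900-01-01 (NTP) to 1970-01-01 (Unix)

def parse_transmit_time(packet: bytes) -> float:
    """Return the transmit timestamp (Unix seconds) of an NTP server reply."""
    if len(packet) < 48:
        raise ValueError("short NTP packet")
    if packet[0] & 0x07 != 4:      # mode 4 = server
        raise ValueError("not a server reply")
    if packet[1] == 0:             # stratum 0 = kiss-o'-death / unsynchronised
        raise ValueError("server reports it is not synchronised")
    secs, frac = struct.unpack("!II", packet[40:48])
    return secs - NTP_EPOCH_DELTA + frac / 2**32

def find_falsetickers(replies, local_time, max_dev=1.0):
    """Return (median_offset, outliers) for a {server: packet} mapping."""
    offsets = {}
    for server, pkt in replies.items():
        try:
            offsets[server] = parse_transmit_time(pkt) - local_time
        except ValueError:
            continue               # unusable reply: do not let it vote
    if len(offsets) < 3:
        raise RuntimeError("need at least 3 usable sources to outvote a bad one")
    mid = median(offsets.values())
    return mid, {s: o for s, o in offsets.items() if abs(o - mid) > max_dev}

def make_reply(unix_time, stratum=2):
    """Build a constructed 48-byte reply (LI=0, VN=4, mode=4) for the demo."""
    header = struct.pack("!BBbb", (4 << 3) | 4, stratum, 6, -20) + b"\x00" * 36
    secs = int(unix_time) + NTP_EPOCH_DELTA
    return header + struct.pack("!II", secs, int((unix_time % 1) * 2**32))

# Constructed sample: hypothetical servers, one an hour fast, one unsynchronised.
LOCAL = 1491206400.0
SAMPLE = {
    "ntp-a.example": make_reply(LOCAL + 0.02),
    "ntp-b.example": make_reply(LOCAL - 0.01),
    "ntp-c.example": make_reply(LOCAL + 3600.0),
    "ntp-d.example": make_reply(LOCAL, stratum=0),
    "ntp-e.example": make_reply(LOCAL),
}

if __name__ == "__main__":
    mid, bad = find_falsetickers(SAMPLE, LOCAL)
    print(f"median offset {mid:+.3f}s, outliers: {bad}")
```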

Galileo system goes live

The EU-led Galileo system has announced that it is going live, offering early services (Early Operational Capability): "Galileo navigation satellite system goes live". Of the planned 30 satellites, 18 have already been launched:

At this point, 18 of the planned 30 satellites are already in orbit.

In ordinary use the precision can reach 4 meters, considerably better than the 15 meters of GPS:

Using GPS, private users can navigate with a precision of up to 15 meters (m). Galileo offers a precision of up to 4m for its fully open service.

For commercial and military use it can reach the centimeter level:

Commercial users and official government services can even receive a precision of a few centimeters. This is important, for example, for fully or partially automated planes, cars or ships.

Devices that support both systems should come out later... phones probably will too?

Facebook collects GPS location data in bulk and uses machine learning to "guess" people you may know

Via Bruce Schneier I saw "Facebook Using Physical Location to Suggest Friends", which cites the report "Facebook is using your phone’s location to suggest new friends—which could be a privacy disaster". The report opens with updated information:

Update (June 28): After twice confirming it used location to suggest new friends, Facebook now says it doesn’t currently use “location data, such as device location and location information you add to your profile, to suggest people you may know.” The company says it ran a brief test using location last year. New story here.

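After the second confirmation, Facebook's handling turned out to be the standard "Ah! Damn! It's a PR disaster" response. When first asked, the Facebook spokesperson's official reply explained that the phone's location was one of the factors in the calculation: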

“People You May Know are people on Facebook that you might know,” a Facebook spokesperson said. “We show you people based on mutual friends, work and education information, networks you’re part of, contacts you’ve imported and many other factors.”

One of those factors is smartphone location. A Facebook spokesperson said though that shared location alone would not result in a friend suggestion, saying that the two parents must have had something else in common, such as overlapping networks.

“Location information by itself doesn’t indicate that two people might be friends,” said the Facebook spokesperson. “That’s why location is only one of the factors we use to suggest people you may know.”

Damn...

A scam that combines malware and social engineering

I came across a new kind of scam in "Malware scam appears to use GPS data to catch speeding Pennsylvania drivers".

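A malware app on the phone (an app hiding malicious code) requests GPS data (the norm for smartphone apps today), and when the malware app detects that you are speeding, the scammers send out a fake speeding ticket, like this: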

From: Speeding Citation
To: (Accurate Email Removed)
Date: 03/11/2016 03:08 PM
Subject: [External] Notification of excess speed
First Name: (Accurate Name removed)
Last Name: (Accurate Name removed)
Notification of excess speed
Route: (Accurate Local Township Road –removed)
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52
The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.

The tagline the article uses, "ACCURATE SPEEDING DATA, FAKE EMAIL", is great... XD

GPS logger: GlobalSat's DG-100...

I bought this "DG-100 GPS data logger" on 24h, then got burned several times in VirtualBox, so I'm writing it up to make things easier for whoever comes next XD

Both GPS loggers I've used are built on Prolific's PL2303 series chips and communicate over a serial-port architecture, so under Ubuntu they show up as an interface like /dev/ttyUSB0.

Since my goal is fairly simple, just getting the gpx data out, I later found the "Globalsat" page on the OpenStreetMap wiki and discovered that GPSBabel can pull data from the DG-100 directly on Mac OS X and Linux:

gpsbabel -i dg-100,erase=0 -f /dev/ttyUSB0 -o gpx -F "track.gpx"

(Speaking of which, the GPSBabel website feels like a trip back ten years...)

Looking at the command, specifying erase=1 would clear the log? Also, on Mac OS X you specify the device whose name starts with /dev/cu.PL2303.

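After downloading, I drop the file into Dropbox and then update it in Fog of World, and found that even on routes I've already run to death, the GPS logger can still record what the iPhone couldn't...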