Home » Posts tagged "wifi"

在 Ubuntu 16.04 上面隨機改變無線網卡的 MAC address

在「Randomize your WiFi MAC address on Ubuntu 16.04」這邊看到作者在介紹如何在 Ubuntu 上藉由改變無線網卡的 MAC address 保護自己的隱私:

Your device’s MAC address can be used to track you across the WiFi networks you connect to. That data can be shared and sold, and often identifies you as an individual. It’s possible to limit this tracking by using pseudo-random MAC addresses.

成果像是這樣:

主要應該是給 Ubuntu 的筆電使用者用...

WPA2 安全漏洞

話說 WPA2 也撐了十三年了:

WPA2 became available in 2004 and is a common shorthand for the full IEEE 802.11i (or IEEE 802.11i-2004) standard.

這次的漏洞可以參考「Severe flaw in WPA2 protocol leaves Wi-Fi traffic open to eavesdropping」這邊。

PoC 稱作 KRACK (Key Reinstallation Attacks),漏洞將會在十一月正式發表,從會議的標題名稱大概可以知道方向,是對 Nonce 下手:「Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2」。另外站台 www.krackattacks.com 已經放好,等後續的發表更新了。

對於無線網路的各種漏洞,老方法還是目前最有效的方法,也是這次的 workaround 之一:上強度足夠的 VPN。

Update:補上論文「Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2」。

iOS 11 的無線網路與藍芽關假的讓 EFF 不爽...

這次 iOS 11 的無線網路與藍芽需要到 Settings (設定) 裡面才能有效關掉的設計,讓 EFF 不爽寫了一篇文章:「iOS 11’s Misleading “Off-ish” Setting for Bluetooth and Wi-Fi is Bad for User Security」。

On an iPhone, users might instinctively swipe up to open Control Center and toggle Wi-Fi and Bluetooth off from the quick settings. Each icon switches from blue to gray, leading a user to reasonably believe they have been turned off—in other words, fully disabled. In iOS 10, that was true. However, in iOS 11, the same setting change no longer actually turns Wi-Fi or Bluetooth “off.”

不過藍芽的洞真的不少,儘量避免吧... +_+

在飯店裡攻擊企業的高階主管

算是為什麼企業要提供 Full Routing VPN 的一個攻擊管道的說明...

這篇介紹了在飯店裡透過 WiFi 攻擊企業的高階主管,想辦法塞木馬取得資訊,或是滲透進企業內部的網路:「Hackers are using hotel Wi-Fi to spy on guests, steal data」。

Those behind the campaign have continually evolved their tactics and malware payloads, blending phishing and social engineering with a complex Trojan, in order to conduct espionage on corporate research and development personnel, CEOs, and other high-ranking corporate officials.

有點介於 APT 與一般性的攻擊中間...

iOS 透過無線網路的 RCE...

在「About the security content of iOS 10.3.1」這邊的說明:

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero

這描述看起來就不太妙...

歐盟法院認為公開無線網路的營運者不需要對使用者的侵權行為負責

歐盟法院 (The Court of Justice of the European Union) 認為公開無線網路的營運者不需要對使用者的侵權行為負責:「EU Court: Open WiFi Operator Not Liable For Pirate Users」。

不過這是有一些前提的,法院認為應該要符合這幾個要件,營運方才不要負責。基本上完全沒有 filter 限制的無線網路會符合這些條件:

The Court further notes that in order for such ‘mere conduit’ services to be exempt from third party liability, three cumulative conditions must be met:

– The provider must not have initiated the transmission
– It must not have selected the recipient of the transmission
– It must neither have selected nor modified the information contained in the transmission.

帶這並不代表丟著不管,而是在發生後要求改善:

In an effort to strike a balance between protecting a service provider from third party liability and the rights of IP owners, the Court ruled that providers can be required to end infringement.

“[T]he directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers,” the Court found.

One such measure could include the obtaining of an injunction which would force an operator to password-protect his open WiFi network in order to deter infringement.

但法院並不同意直接監控:

On a more positive note, the Court rejected the notion of monitoring networks for infringement or taking more aggressive actions where unnecessary.

“[T]he directive expressly rules out the adoption of a measure to monitor information transmitted via a given network. Similarly, a measure consisting in terminating the internet connection completely without considering the adoption of measures less restrictive of the connection provider’s freedom to conduct a business would not be capable of reconciling the abovementioned conflicting rights,” the Court concludes.

網路對現在的言論自由非常重要,所以只有在確認侵犯他人權益的情況下才採取必要措施,歐盟法院這樣判大概是覺得這樣吧...

WiGLE (Wireless Geographic Logging Engine)

WiGLE 是個蒐集無線網路資訊的服務 (i.e. SSID、mac address 以及定位位置),依照維基百科上的資料,WiGLE 計畫從 2001 年開始,到現在快十五年了:

The first recorded hotspot on WiGLE was uploaded in September 2001.

趁著最近 Pokémon Go 會跑來跑去,就順便幫忙蒐集資料了...

目前我蒐集資料的方式是透過 WiGLE 的 Android 應用程式 (Wigle Wifi Wardriving) 開著讓他背景跑,然後回到家以後上傳,過一陣子讓系統更新後就可以看到了。

在 Boeing 787 上上網...

酷航有些飛機是 787 了,這台飛機有提供 Internet 上網功能 (WiFi HotSpot),一個小時是 USD$11.95,三個小時是 USD$16.95,二十四小時是 USD$24.95。

扣掉起降的時間,成田飛桃園差不多可以買三個小時的方案來用,服務是由 T-Mobile 提供:

看起來應該是走衛星線路,從德國落地後再連出來,快的時候可以到 1Mbps,慢的時候大約在 128Kbps,latency 大約是 1000ms,而 packet loss rate 其實不高,線路還蠻穩定的。

這次來回都有買,算是嘗鮮玩玩看,之後應該還是會在飛機上睡覺吧 XDDD

Archives