iOS 透過無線網路的 RCE...

在「About the security content of iOS 10.3.1」這邊的說明:

Available for: iPhone 5 and later, iPad 4th generation and later, iPod touch 6th generation and later
Impact: An attacker within range may be able to execute arbitrary code on the Wi-Fi chip
Description: A stack buffer overflow was addressed through improved input validation.
CVE-2017-6975: Gal Beniamini of Google Project Zero

這描述看起來就不太妙...

歐盟法院認為公開無線網路的營運者不需要對使用者的侵權行為負責

歐盟法院 (The Court of Justice of the European Union) 認為公開無線網路的營運者不需要對使用者的侵權行為負責:「EU Court: Open WiFi Operator Not Liable For Pirate Users」。

不過這是有一些前提的,法院認為應該要符合這幾個要件,營運方才不要負責。基本上完全沒有 filter 限制的無線網路會符合這些條件:

The Court further notes that in order for such ‘mere conduit’ services to be exempt from third party liability, three cumulative conditions must be met:

– The provider must not have initiated the transmission
– It must not have selected the recipient of the transmission
– It must neither have selected nor modified the information contained in the transmission.

帶這並不代表丟著不管,而是在發生後要求改善:

In an effort to strike a balance between protecting a service provider from third party liability and the rights of IP owners, the Court ruled that providers can be required to end infringement.

“[T]he directive does not preclude the copyright holder from seeking before a national authority or court to have such a service provider ordered to end, or prevent, any infringement of copyright committed by its customers,” the Court found.

One such measure could include the obtaining of an injunction which would force an operator to password-protect his open WiFi network in order to deter infringement.

但法院並不同意直接監控:

On a more positive note, the Court rejected the notion of monitoring networks for infringement or taking more aggressive actions where unnecessary.

“[T]he directive expressly rules out the adoption of a measure to monitor information transmitted via a given network. Similarly, a measure consisting in terminating the internet connection completely without considering the adoption of measures less restrictive of the connection provider’s freedom to conduct a business would not be capable of reconciling the abovementioned conflicting rights,” the Court concludes.

網路對現在的言論自由非常重要,所以只有在確認侵犯他人權益的情況下才採取必要措施,歐盟法院這樣判大概是覺得這樣吧...

WiGLE (Wireless Geographic Logging Engine)

WiGLE 是個蒐集無線網路資訊的服務 (i.e. SSID、mac address 以及定位位置),依照維基百科上的資料,WiGLE 計畫從 2001 年開始,到現在快十五年了:

The first recorded hotspot on WiGLE was uploaded in September 2001.

趁著最近 Pokémon Go 會跑來跑去,就順便幫忙蒐集資料了...

目前我蒐集資料的方式是透過 WiGLE 的 Android 應用程式 (Wigle Wifi Wardriving) 開著讓他背景跑,然後回到家以後上傳,過一陣子讓系統更新後就可以看到了。

Audi 準備在 New York International Auto Show 上惡搞無線網路

就是車商的那個 Audi 打算在 New York International Auto Show 上惡搞無線網路,推銷自家的 A4:「Audi is trolling the competition with its Wi-Fi at the New York Auto Show」。

據說再過幾天就會知道實際情況了...

在 Boeing 787 上上網...

酷航有些飛機是 787 了,這台飛機有提供 Internet 上網功能 (WiFi HotSpot),一個小時是 USD$11.95,三個小時是 USD$16.95,二十四小時是 USD$24.95。

扣掉起降的時間,成田飛桃園差不多可以買三個小時的方案來用,服務是由 T-Mobile 提供:

看起來應該是走衛星線路,從德國落地後再連出來,快的時候可以到 1Mbps,慢的時候大約在 128Kbps,latency 大約是 1000ms,而 packet loss rate 其實不高,線路還蠻穩定的。

這次來回都有買,算是嘗鮮玩玩看,之後應該還是會在飛機上睡覺吧 XDDD

利用 MAC address 抓出網路攝影機 (AirBnB 事件後續的反制)

之前 AirBnB 的屋主在屋內安裝攝影機而打官司的事情繼續被討論:「Beware, houseguests: Cheap home surveillance cameras are everywhere now」。有人提出自救方法,作者使用 DropCam 與 Withings 的 MAC Address Prefix 抓出網路攝影機:「Detect and disconnect WiFi cameras in that AirBnB you’re staying in」。

由於 MAC address 不需要知道 WPA passphase,所以可以直接掃出來。作者提供的程式需要使用 airmon-ng 來掃無線網路。

另外作者有點出這個方法可以打掛透過無線網路的裝置 (像是 WiFi jammer),用在安全機制上 (也就是這些產品本來的設計) 未必有效,還是建議用有線網路接:

For the record, I’m well aware DropCam and Withings are also sold as baby monitors and home security products. The very fact this code exists should challenge you to reconsider the non-sane choice to rely on anything wireless for home security. More so, WiFi jammers - while illegal - are cheap. If you care, use cable.

另外要注意的是,在美國地區使用這樣的技術可能是違法的,使用時請自己負責:

It may be illegal to use this script in the US. Due to changes in FCC regulation in 2015, it appears intentionally de-authing WiFi clients, even in your own home, is now classed as ‘jamming’. Up until recently, jamming was defined as the indiscriminate addition of noise to signal - still the global technical definition. It’s worth noting here that all wireless routers necessarily ship with the ability to de-auth, as part of the 802.11 specification.

捷藍 (JetBlue) 將透過衛星提供 WiFi 給機上乘客...

JetBlue 將會透過衛星轉接,提供機上乘客 WiFi 服務:「JetBlue Launches Satellite-Based Inflight Wi-Fi」。

原始報導「JetBlue launches high-speed wi-fi during flights」內有提到價位是 USD$9/hr:

The airline will also offer a live video streaming high-bandwidth plan called Fly-Fi Plus for applications like streaming movies. It costs $9 per hour.

hmmm...

Mozilla 推出的定位服務...

Mozilla 推出定位服務:「Introducing the Mozilla Location Service」,也就是 Mozilla Location Service

行動裝置利用收到的 WiFi 以及基地台訊號資訊定位的服務。這也是 GPS 定位以外最常被用到的方法 (尤其是室內與地下)。

維基百科的「Cell ID」這個條目可以看到很多類似的服務,可以看到兩個比較大的:

不過 Mozilla 的名號使得 Mozilla 推出的這個服務成長的相當迅速:

可以看出來 Mozilla 一宣佈後才一個多禮拜就直接 double,不知道要到什麼程度才會趨緩...

目前雖然比起其他的服務還差了一大截,不過有希望在半年一年內成為權威的 Location Service...