Something odd I've noticed while capturing packets...
Milo824
User ID: 69170964 United States 09/15/2015 02:34 AM | |
Iamaka
(OP) User ID: 17510645 Sweden 09/15/2015 02:37 AM | |
Iamaka
(OP) User ID: 17510645 Sweden 09/15/2015 02:41 AM | Why would China go to all that trouble? Quoting: Milo824 They just have to hack the U.S. Government again and download the information. I'm not really sure that it's all China; though perhaps some collaboration with US/Israel might be behind it? I did however find that the majority of HTTP POST requests were directed at "stats.jpush.cn". |
Anonymous Coward User ID: 60356095 United States 09/15/2015 02:42 AM | |
Pooch
User ID: 68879988 Canada 09/15/2015 02:44 AM | |
Anonymous Coward User ID: 60356095 United States 09/15/2015 02:44 AM | |
Anonymous Coward User ID: 46309517 United States 09/15/2015 02:46 AM | Fucking weird isn't it? I've given up on trying to understand all the shit flowing through our networks, because every time I look at Wireshark pcaps I get pissed. Your best bet is to have a good IDS/IPS with a locked down firewall... Locked down as in you start out with the BASIC shit you need like HTTP, HTTPS, 5060 for VoIP, a small range of RTP and give up the rest.. If your shit stops working when you have the basics opened for that particular thing, it's doing something it's not supposed to. If it's connecting to some random server in Bangladesh or South America, it's doing shit you don't want it to do. |
Anonymous Coward User ID: 37645337 United States 09/15/2015 02:46 AM | |
Anonymous Coward User ID: 69869701 United States 09/15/2015 02:47 AM | Why would China go to all that trouble? Quoting: Milo824 They just have to hack the U.S. Government again and download the information. I'm not really sure that it's all China; though perhaps some collaboration with US/Israel might be behind it? I did however find that the majority of HTTP POST requests were directed at "stats.jpush.cn". JPush offers many mobile app services, and is integrated with many Chinese apps. So... I'm guessing you're freaking out over Chinese neighbors who are using apps on their phone |
Logros User ID: 53770823 United States 09/15/2015 02:47 AM | |
Anonymous Coward User ID: 70318437 Italy 09/15/2015 02:50 AM | So how are they transmitting this info, GPS, internet. I read a while ago that iPhones have 'always on' GPS, meaning when the user turns off GPS, it only disables it for the user and apps, but is in fact still on. You seem knowledgeable in this field, could this be the case? |
Anonymous Coward User ID: 70318437 Italy 09/15/2015 02:51 AM | |
Anonymous Coward User ID: 69915045 United States 09/15/2015 02:51 AM | |
Iamaka
(OP) User ID: 1332342 Netherlands 09/15/2015 02:52 AM |
{"content":[{"type":"loc_info","itime":1402424204,"network_type":"WIFI,","local_dns":"x.x.x.x",
  "wifi":[
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-45,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-43,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-54,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-68,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-74,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-75,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-45,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-52,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-52,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-80,"age":0}],
  "cell":[
    {"cell_id":11403061,"location_area_code":20011,"mobile_country_code":0,"mobile_network_code":0,"signal_strength":-111,"age":0}]}],
 "platform":"a","uid":2015091403828,"app_key":"1a6c2b4f285782e4223a96a1","sdk_ver":"1.7.5"}

POST /v2/report HTTP/1.0
Accept: application/json
Accept-Encoding: gzip
Content-Encoding: gzip
X-App-Key: 1a6c2b4f285782e4223a96a1
Authorization: Basic XXXXxxXXXXxxXXXX==
Content-Length: 379
Host: stats.jpush.cn
Via: 1.0 PROXY
Connection: close
|
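An added example (not from the thread, any poster, or JPush): Python that inflates a captured request like the one posted above and summarizes any `loc_info` report it carries, for reviewing proxy or pcap exports. The field names come from the posted payload; the host `collector.example`, the MAC addresses, the cell ID and the function names are constructed for illustration.

```python
import gzip
import json
import zlib

def parse_http_request(raw: bytes):
    """Split a captured HTTP request into method, path, headers, decoded body."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("latin-1").split("\r\n")
    method, path, _version = lines[0].split(" ", 2)
    headers = {}
    for line in lines[1:]:
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    # The request in the post declares Content-Encoding: gzip, so inflate first.
    if headers.get("content-encoding", "").lower() == "gzip":
        body = gzip.decompress(body)
    return method, path, headers, body

def summarize_location_report(raw: bytes):
    """Return a summary if the request carries a loc_info report, else None."""
    try:
        method, path, headers, body = parse_http_request(raw)
        doc = json.loads(body)
    except (ValueError, OSError, EOFError, zlib.error):
        return None  # not HTTP, bad gzip, or not JSON
    if method != "POST" or not isinstance(doc, dict):
        return None
    reports = [i for i in doc.get("content", [])
               if isinstance(i, dict) and i.get("type") == "loc_info"]
    if not reports:
        return None
    wifi = [ap for r in reports for ap in r.get("wifi", [])]
    cells = [c.get("cell_id") for r in reports for c in r.get("cell", [])]
    strongest = max(wifi, key=lambda ap: ap.get("signal_strength", -999), default={})
    return {"host": headers.get("host"), "path": path, "wifi_count": len(wifi),
            "cell_ids": cells, "strongest_bssid": strongest.get("mac_address")}

def build_sample_request() -> bytes:
    """Constructed capture: field names from the post, all values made up."""
    payload = {"content": [{"type": "loc_info", "wifi": [
        {"mac_address": "02:00:00:00:00:01", "signal_strength": -45, "age": 0},
        {"mac_address": "02:00:00:00:00:02", "signal_strength": -74, "age": 0}],
        "cell": [{"cell_id": 12345, "signal_strength": -111, "age": 0}]}]}
    body = gzip.compress(json.dumps(payload).encode())
    head = ("POST /v2/report HTTP/1.0\r\nHost: collector.example\r\n"
            f"Content-Encoding: gzip\r\nContent-Length: {len(body)}\r\n\r\n")
    return head.encode() + body
```

Calling `summarize_location_report(build_sample_request())` returns the destination host, the number of access points reported, the cell IDs and the strongest BSSID, which is the set of fields to compare against an app's declared behaviour.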
Iamaka
(OP) User ID: 1332342 Netherlands 09/15/2015 02:54 AM | |
Anonymous Coward User ID: 70332419 United States 09/15/2015 02:55 AM | |
Anonymous Coward User ID: 70318437 Italy 09/15/2015 02:55 AM | |
Anonymous Coward User ID: 70318437 Italy 09/15/2015 02:56 AM | |
Iamaka
(OP) User ID: 56695551 United States 09/15/2015 02:58 AM | |
Anonymous Coward User ID: 70332419 United States 09/15/2015 02:58 AM | |
Anonymous Coward User ID: 53674756 United States 09/15/2015 03:00 AM | |
Anonymous Coward User ID: 45064185 United States 09/15/2015 03:01 AM | In other words, smartphones are sending info about all nearby MAC'S/ESSID's likely in order to subvert GPS technology. Quoting: Iamaka Interesting. So basically it's the same idea as Facebook, even if you're not on it, they can track you through all your friends on Facebook. except it's happening at a geographic / device layer. sucky. |
Anonymous Coward User ID: 70325384 United Kingdom 09/15/2015 03:03 AM | |
Anonymous Coward User ID: 63771909 United States 09/15/2015 03:04 AM | |
Iamaka
(OP) User ID: 56695551 United States 09/15/2015 03:04 AM | |
Anonymous Coward User ID: 69342050 Netherlands 09/15/2015 03:07 AM | Something odd I've noticed while capturing packets for clients who also have multiple public hotspot access points... Quoting: Iamaka Based on real-time MAC address look-ups; there's a shitload of mobile devices out there that are constantly HTTP POST'ing about all nearby MAC addresses and signal strengths, including local Cell ID location info, mostly reporting back to random servers in China. In other words, disabling GPS/Location on your smartphone doesn't mean jackshit if your mobile device is secretly transmitting transmitter details in your near vicinity. cool bro story |
Anonymous Coward User ID: 70288450 United Kingdom 09/15/2015 03:29 AM | They ARE spying... Ken Norton, Product Manager at Google 16 upvotes by MG Siegler (Partner at Google Ventures), David Schmidt, Andrew McClenaghan, ... We no longer collect any WiFi information through our Street View driving, but we do populate our location database through client software. For example, if a GPS-enabled mobile phone using Google's location services obtains a GPS fix, those precise GPS coordinates may be sent to Google's servers along with any WiFi and cellular data observed by the phone. Linking WiFi or cellular data with an accurate GPS reading helps us improve the accuracy of our location services, adapt to network changes (such as new cellular towers or relocated WiFi access points) and provide a better experience to people using our services. Client location-sharing is opt-in. Google provides users with notice and control over collection of location, sharing of location and use of location. |
Anonymous Coward User ID: 70288450 United Kingdom 09/15/2015 03:31 AM | They ARE spying... Quoting: Anonymous Coward 70288450 Ken Norton, Product Manager at Google 16 upvotes by MG Siegler (Partner at Google Ventures), David Schmidt, Andrew McClenaghan, ... We no longer collect any WiFi information through our Street View driving, but we do populate our location database through client software. For example, if a GPS-enabled mobile phone using Google's location services obtains a GPS fix, those precise GPS coordinates may be sent to Google's servers along with any WiFi and cellular data observed by the phone. Linking WiFi or cellular data with an accurate GPS reading helps us improve the accuracy of our location services, adapt to network changes (such as new cellular towers or relocated WiFi access points) and provide a better experience to people using our services. Client location-sharing is opt-in. Google provides users with notice and control over collection of location, sharing of location and use of location. oh, and... [link to www.cnet.com] Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned. The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets. Unlike Google and Skyhook Wireless, which have compiled similar lists of these unique Wi-Fi addresses, Microsoft has not taken any measures to curb access to its database. Google tightened controls last month in response to a June 15 CNET article, and Skyhook uses a limited form of geolocation to protect privacy.
Live.com database--located at [link to inference.location.live.com] |
Anonymous Coward User ID: 20465160 United States 09/15/2015 03:32 AM | couple years ago, even before all this China hacking news I noticed every computer I used everywhere, this pop up would always show about using Chinese character set. turns out that's how their malware was encrypted to avoid anti virus detection, encrypted chinese character set. |
Anonymous Coward User ID: 70288450 United Kingdom 09/15/2015 03:33 AM | from [link to samy.pl] -- When the phone detects any wireless network, encrypted or otherwise, it sends the BSSID (MAC address) of the router along with signal strength, and most importantly, GPS coordinates up to the mothership. This page allows you to ping that database and find exactly where any wi-fi router in the world is located. Note that iPhones also send this BSSID and Cell Tower Information up to Apple, as well. You can enter any router BSSID/MAC address to locate the exact physical location below, or try the demonstration router by hitting "Probe" below. Note: Google has taken steps to stop my tool from working, including explicitly blocking me directly. Additionally, their geolocation API will now only share information that Google has on *you* only if you provide them not only information about your router, but unwittingly provide information about *other* people's routers. |