Godlike Productions - Discussion Forum

Something odd I've noticed while capturing packets...

 
Iamaka

User ID: 17510645
Sweden
09/15/2015 02:28 AM
Something odd I've noticed while capturing packets...
Something odd I've noticed while capturing packets for clients who also have multiple public hotspot access points...

Based on real-time MAC address look-ups; there's a shitload of mobile devices out there that are constantly HTTP POST'ing about all nearby MAC addresses and signal strengths, including local Cell ID location info, mostly reporting back to random servers in China.

In other words, disabling GPS/Location on your smartphone doesn't mean jackshit if your mobile device is secretly transmitting transmitter details in your near vicinity.

Last Edited by Iamaka on 09/15/2015 02:31 AM
Milo824

User ID: 69170964
United States
09/15/2015 02:34 AM
Re: Something odd I've noticed while capturing packets...
Why would China go to all that trouble?
They just have to hack the U.S. Government again and download the information.
Milo824
Iamaka  (OP)

User ID: 17510645
Sweden
09/15/2015 02:37 AM
Re: Something odd I've noticed while capturing packets...
The IDS filters were what first alerted me about these strange packets.

So after monitoring past 72-hours, I can honestly say, a lot of people have call-home mobile reporting devices in their pockets.
Iamaka  (OP)

User ID: 17510645
Sweden
09/15/2015 02:41 AM
Re: Something odd I've noticed while capturing packets...
Why would China go to all that trouble?
They just have to hack the U.S. Government again and download the information.
 Quoting: Milo824


I'm not really sure that it's all China; though perhaps some collaboration with US/Israel might be behind it?

I did however find that the majority of HTTP POST requests were directed at "stats.jpush.cn".
Anonymous Coward
User ID: 60356095
United States
09/15/2015 02:42 AM
Re: Something odd I've noticed while capturing packets...
bump

For further discussion
Pooch

User ID: 68879988
Canada
09/15/2015 02:44 AM

Re: Something odd I've noticed while capturing packets...
wtfdid
Anonymous Coward
User ID: 60356095
United States
09/15/2015 02:44 AM
Re: Something odd I've noticed while capturing packets...
With the Snowden NSA stuff, it was a collaboration between all sorts of countries. China could just be the receiver that then re-distributes it all out. Also, aren't almost all of the devices manufactured there?
Anonymous Coward
User ID: 46309517
United States
09/15/2015 02:46 AM
Re: Something odd I've noticed while capturing packets...
Fucking weird isn't it? I've given up on trying to understand all the shit flowing through our networks, because every time I look at Wireshark pcaps I get pissed. Your best bet is to have a good IDS/IPS with a locked down firewall... Locked down as in you start out with the BASIC shit you need like HTTP, HTTPS, 5060 for VoIP, a small range of RTP and give up the rest.. If your shit stops working when you have the basics opened for that particular thing, it's doing something it's not supposed to. If it's connecting to some random server in Bangladesh or South America, it's doing shit you don't want it to do.
Anonymous Coward
User ID: 37645337
United States
09/15/2015 02:46 AM
Re: Something odd I've noticed while capturing packets...
bump
Anonymous Coward
User ID: 69869701
United States
09/15/2015 02:47 AM
Re: Something odd I've noticed while capturing packets...
Why would China go to all that trouble?
They just have to hack the U.S. Government again and download the information.
 Quoting: Milo824


I'm not really sure that it's all China; though perhaps some collaboration with US/Israel might be behind it?

I did however find that the majority of HTTP POST requests were directed at "stats.jpush.cn".
 Quoting: Iamaka


JPush offers many mobile app services, and is integrated with many Chinese apps.

So... I'm guessing you're freaking out over Chinese neighbors who are using apps on their phone
Logros
User ID: 53770823
United States
09/15/2015 02:47 AM
Re: Something odd I've noticed while capturing packets...
You didn't know Google and others are tracking your every move? It's strictly for targeted advertising purposes, theoretically.
Anonymous Coward
User ID: 70318437
Italy
09/15/2015 02:50 AM
Re: Something odd I've noticed while capturing packets...
So how are they transmitting this info, GPS, internet? I read a while ago that iPhones have 'always on' GPS, meaning when the user turns off GPS, it only disables it for the user and apps, but is in fact still on.

You seem knowledgeable in this field, could this be the case?
Anonymous Coward
User ID: 70318437
Italy
09/15/2015 02:51 AM
Re: Something odd I've noticed while capturing packets...
You didn't know Google and others are tracking your every move? It's strictly for targeted advertising purposes, theoretically.
 Quoting: Logros 53770823


I think we all know that, this is different.
Anonymous Coward
User ID: 69915045
United States
09/15/2015 02:51 AM
Re: Something odd I've noticed while capturing packets...
bump
Iamaka  (OP)

User ID: 1332342
Netherlands
09/15/2015 02:52 AM
Re: Something odd I've noticed while capturing packets...
{"content":[{"type":"loc_info","itime":1402424204,"network_type":"WIFI,","local_dns":"x.x.x.x",
  "wifi":[
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-45,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-43,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-54,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-68,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-74,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-75,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-45,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-52,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-52,"age":0},
    {"mac_address":"xx:xx:xx:xx:xx:xx","signal_strength":-80,"age":0}],
  "cell":[
    {"cell_id":11403061,"location_area_code":20011,"mobile_country_code":0,"mobile_network_code":0,"signal_strength":-111,"age":0}]}],
 "platform":"a","uid":2015091403828,"app_key":"1a6c2b4f285782e4223a96a1","sdk_ver":"1.7.5"}

POST /v2/report HTTP/1.0
Accept: application/json
Accept-Encoding: gzip
Content-Encoding: gzip
X-App-Key: 1a6c2b4f285782e4223a96a1
Authorization: Basic XXXXxxXXXXxxXXXX==
Content-Length: 379
Host: stats.jpush.cn
Via: 1.0 PROXY
Connection: close
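
Added example, not part of the original post or thread: a Python sketch of how a defender reviewing proxy or IDS captures could flag request bodies shaped like the one above, by looking for nested objects that carry the capture's Wi-Fi and cell field names. The function names, the lower-cased header dict and the sample request (with made-up MAC addresses) are assumptions of this sketch.

```python
import gzip
import json
import zlib

# Field names come from the capture in the post above.
WIFI_KEYS = {"mac_address", "signal_strength"}
CELL_KEYS = {"cell_id", "location_area_code"}

def walk(node):
    """Yield every dict nested anywhere in a parsed JSON document."""
    if isinstance(node, dict):
        yield node
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from walk(item)

def summarize_beacon(headers, raw):
    """Summarize Wi-Fi/cell observations in one HTTP request body.
    `headers` is a dict with lower-cased names (an assumption of this sketch).
    Returns None when the body is not (optionally gzipped) JSON."""
    try:
        if headers.get("content-encoding", "").lower() == "gzip":
            raw = gzip.decompress(raw)
        doc = json.loads(raw.decode("utf-8"))
    except (OSError, EOFError, ValueError, zlib.error):
        return None
    objs = list(walk(doc))
    wifi = [o for o in objs if WIFI_KEYS <= o.keys()]
    cells = [o for o in objs if CELL_KEYS <= o.keys()]
    return {
        "host": headers.get("host", ""),
        "wifi_aps": len(wifi),
        "cells": len(cells),
        "strongest_ap_dbm": max((o["signal_strength"] for o in wifi), default=None),
        "is_location_report": bool(wifi or cells),
    }

# Constructed sample modeled on the post's capture; the MAC addresses are made up.
SAMPLE_HEADERS = {"host": "stats.jpush.cn", "content-encoding": "gzip"}
SAMPLE_BODY = gzip.compress(json.dumps({"content": [{
    "type": "loc_info",
    "wifi": [{"mac_address": "02:00:00:00:00:01", "signal_strength": -45, "age": 0},
             {"mac_address": "02:00:00:00:00:02", "signal_strength": -68, "age": 0}],
    "cell": [{"cell_id": 11403061, "location_area_code": 20011, "signal_strength": -111}],
}], "platform": "a"}).encode("utf-8"))

if __name__ == "__main__":
    print(summarize_beacon(SAMPLE_HEADERS, SAMPLE_BODY))
```

Matching on the field shape rather than on one hostname means the same check also flags reports sent to other collectors that use these key names.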
Iamaka  (OP)

User ID: 1332342
Netherlands
09/15/2015 02:54 AM
Re: Something odd I've noticed while capturing packets...
In other words, smartphones are sending info about all nearby MACs/ESSIDs likely in order to subvert GPS technology.
Anonymous Coward
User ID: 70332419
United States
09/15/2015 02:55 AM
Re: Something odd I've noticed while capturing packets...
You just gotta accept that if you use a smartphone you're being spied on. Only way to prevent it is to take your battery off your phone which I know is impossible for iPhones.
Anonymous Coward
User ID: 70318437
Italy
09/15/2015 02:55 AM
Re: Something odd I've noticed while capturing packets...
Surely people aren't dumb enough to walk around with their phones online? Is this what's happening? It's as dumb as having Bluetooth enabled.

They get what they deserve.
Anonymous Coward
User ID: 70318437
Italy
09/15/2015 02:56 AM
Re: Something odd I've noticed while capturing packets...
It's like the dumb fucks who use their phones for online banking. Absolutely fucking stupid.
Iamaka  (OP)

User ID: 56695551
United States
09/15/2015 02:58 AM
Re: Something odd I've noticed while capturing packets...
You just gotta accept that if you use a smartphone you're being spied on. Only way to prevent it is to take your battery off your phone which I know is impossible for iPhones.
 Quoting: Anonymous Coward 70332419


I accept, and I've nothing to hide.

Still kinda cool though to monitor bugs.
Anonymous Coward
User ID: 70332419
United States
09/15/2015 02:58 AM
Re: Something odd I've noticed while capturing packets...
It's like the dumb fucks who use their phones for online banking. Absolutely fucking stupid.
 Quoting: Anonymous Coward 70318437


If you're broke as fuck does it really matter?
Anonymous Coward
User ID: 53674756
United States
09/15/2015 03:00 AM
Re: Something odd I've noticed while capturing packets...
The IDS filters were what first alerted me about these strange packets.

So after monitoring past 72-hours, I can honestly say, a lot of people have call-home mobile reporting devices in their pockets.
 Quoting: Iamaka


What platform do you use for IDS?
Anonymous Coward
User ID: 45064185
United States
09/15/2015 03:01 AM
Re: Something odd I've noticed while capturing packets...
In other words, smartphones are sending info about all nearby MACs/ESSIDs likely in order to subvert GPS technology.
 Quoting: Iamaka



Interesting. So basically it's the same idea as Facebook,
even if you're not on it, they can track you through all
your friends on Facebook.

except it's happening at a geographic / device layer.

sucky.
Anonymous Coward
User ID: 70325384
United Kingdom
09/15/2015 03:03 AM
Re: Something odd I've noticed while capturing packets...
When you finally realize you are nothing more than an extension to a machine, you better get to rustin', cos old papa yellow gonna get you all in line buyin' cheapy plastic products to shove up yo slave ass
Anonymous Coward
User ID: 63771909
United States
09/15/2015 03:04 AM
Re: Something odd I've noticed while capturing packets...
It's like the dumb fucks who use their phones for online banking. Absolutely fucking stupid.
 Quoting: Anonymous Coward 70318437


If you're broke as fuck does it really matter?
 Quoting: Anonymous Coward 70332419


Iamaka  (OP)

User ID: 56695551
United States
09/15/2015 03:04 AM
Re: Something odd I've noticed while capturing packets...
The IDS filters were what first alerted me about these strange packets.

So after monitoring past 72-hours, I can honestly say, a lot of people have call-home mobile reporting devices in their pockets.
 Quoting: Iamaka


What platform do you use for IDS?
 Quoting: Anonymous Coward 53674756


Good ones.
Anonymous Coward
User ID: 69342050
Netherlands
09/15/2015 03:07 AM
Re: Something odd I've noticed while capturing packets...
Something odd I've noticed while capturing packets for clients who also have multiple public hotspot access points...

Based on real-time MAC address look-ups; there's a shitload of mobile devices out there that are constantly HTTP POST'ing about all nearby MAC addresses and signal strengths, including local Cell ID location info, mostly reporting back to random servers in China.

In other words, disabling GPS/Location on your smartphone doesn't mean jackshit if your mobile device is secretly transmitting transmitter details in your near vicinity.
 Quoting: Iamaka


cool bro story
Anonymous Coward
User ID: 70288450
United Kingdom
09/15/2015 03:29 AM
Re: Something odd I've noticed while capturing packets...
They ARE spying...


Ken Norton, Product Manager at Google
16 upvotes by MG Siegler (Partner at Google Ventures), David Schmidt, Andrew McClenaghan, ...


We no longer collect any WiFi information through our Street View driving, but we do populate our location database through client software. For example, if a GPS-enabled mobile phone using Google's location services obtains a GPS fix, those precise GPS coordinates may be sent to Google's servers along with any WiFi and cellular data observed by the phone. Linking WiFi or cellular data with an accurate GPS reading helps us improve the accuracy of our location services, adapt to network changes (such as new cellular towers or relocated WiFi access points) and provide a better experience to people using our services. Client location-sharing is opt-in. Google provides users with notice and control over collection of location, sharing of location and use of location.
Anonymous Coward
User ID: 70288450
United Kingdom
09/15/2015 03:31 AM
Re: Something odd I've noticed while capturing packets...
They ARE spying...


Ken Norton, Product Manager at Google
16 upvotes by MG Siegler (Partner at Google Ventures), David Schmidt, Andrew McClenaghan, ...


We no longer collect any WiFi information through our Street View driving, but we do populate our location database through client software. For example, if a GPS-enabled mobile phone using Google's location services obtains a GPS fix, those precise GPS coordinates may be sent to Google's servers along with any WiFi and cellular data observed by the phone. Linking WiFi or cellular data with an accurate GPS reading helps us improve the accuracy of our location services, adapt to network changes (such as new cellular towers or relocated WiFi access points) and provide a better experience to people using our services. Client location-sharing is opt-in. Google provides users with notice and control over collection of location, sharing of location and use of location.
 Quoting: Anonymous Coward 70288450


oh, and...

[link to www.cnet.com]

<50%
Microsoft has collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world and makes them available on the Web without taking the privacy precautions that competitors have, CNET has learned.
The vast database available through Live.com publishes the precise geographical location, which can point to a street address and sometimes even a corner of a building, of Android phones, Apple devices, and other Wi-Fi enabled gadgets.
Unlike Google and Skyhook Wireless, which have compiled similar lists of these unique Wi-Fi addresses, Microsoft has not taken any measures to curb access to its database. Google tightened controls last month in response to a June 15 CNET article, and Skyhook uses a limited form of geolocation to protect privacy.

Live.com database--located at [link to inference.location.live.com]
Anonymous Coward
User ID: 20465160
United States
09/15/2015 03:32 AM
Re: Something odd I've noticed while capturing packets...
Couple years ago, even before all this China hacking news I noticed every computer I used everywhere, this pop up would always show about using Chinese character set. Turns out that's how their malware was encrypted to avoid anti virus detection, encrypted Chinese character set.
Anonymous Coward
User ID: 70288450
United Kingdom
09/15/2015 03:33 AM
Re: Something odd I've noticed while capturing packets...
from
[link to samy.pl] --

When the phone detects any wireless network, encrypted or otherwise, it sends the BSSID (MAC address) of the router along with signal strength, and most importantly, GPS coordinates up to the mothership.

This page allows you to ping that database and find exactly where any wi-fi router in the world is located. Note that iPhones also send this BSSID and Cell Tower Information up to Apple, as well.

You can enter any router BSSID/MAC address to locate the exact physical location below, or try the demonstration router by hitting "Probe" below.

Note: Google has taken steps to stop my tool from working, including explicitly blocking me directly.

Additionally, their geolocation API will now only share information that Google has on *you* only if you provide them not only information about your router, but unwittingly provide information about *other* people's routers.




