[Arm-netbook] Good netbook based on Cortex-A9

freebirds at fastmail.fm freebirds at fastmail.fm
Sun Aug 5 18:54:43 BST 2012


On Mon, Jul 30, 2012, at 08:35 AM, Gordan Bobic wrote:

> >> I've yet to see any actual evidence that this is exploitable by 3rd
> >> parties. I am reasonably sure that only the AP locations are being fed
> >> back to the base by devices. But if all MAC addresses were being fed
> >> back and used for location, then I guess you could (though not anywhere
> >> nearly in realtime) query the _rough_ location of a device with known
> >> MAC address by reporting back that you are near it, and see what the
> >> database says your location is. I would be interested in seeing any
> >> evidence that such a hack is actually exploitable. I rather doubt it.

The article I previously cited:
http://community.spiceworks.com/topic/143800-public-tracking-of-your-phone-tablet-by-mac-address
cited three articles. The first article is
http://news.cnet.com/8301-31921_3-20070742-281/exclusive-googles-web-mapping-can-track-your-phone/
This article describes people querying the location of their laptops
which were never used as a hot spot. "Wi-Fi-enabled devices, including
PCs, iPhones, iPads, and Android phones, transmit a unique hardware
identifier, called a MAC address, to anyone within a radius of
approximately 100 to 200 feet. If someone captures or already knows that
unique address, Google and Skyhook's services can reveal a previous
location." So do Apple and Microsoft.

At the end of the article, CNet requests: "We're trying to learn more
about how the physical locations of device MAC addresses are recorded
and updated. Please help! You can do that by sending us e-mail with your
wireless MAC address, what city you live in, and what type of device it
is." 

> Ironically, having every Android device have to have an SSL 
> certificate unique to it (like iPhones do) - something you could 
> implement using one of the secure extensions you so hate - would make 
> such an attack much harder. But the chances of having all Android 
> devices have such a thing and having Google enforce device 
> authentication via the said certificate are so close to 0 (at least any 
> time soon).

A comment in the cited article partially addresses this: "The issue is
that it isn't something you can opt out of since it isn't your device
that is sending the info to Google -- it is the devices that are near
you that are picking up your MAC address being broadcast over Wi-Fi and
sending it to Google." "Kermode: You need to reread the article. This is
not about your phone transmitting data to the mothership. This is about
*nearby* phones transmitting your MAC address to their mothership."

It is both. The user's phone, tablet and netbook transmitting its MAC
address and the MAC address of all nearby wifi devices (desktop
computers, laptops, phones, tablets, routers) and nearby wifi devices
transmitting the MAC address of your wifi devices. Thereby, consumers
unknowingly spy on each other without getting paid. Apple does this too.
An SSL certificate does not prevent Apple using its iPhones and iPads as
spies.

> Having said that, there is no way the device should be transmitting its 
> MAC address if it is disabled (in software, see rfkill command), or if 
> your laptop has a hardware switch, with it flipped to the off position. 
> If it does, that's really poor.

New netbooks have a BIOS that no longer offers an option of disabling
wifi and bluetooth. Disabling wifi in the OS does not suffice. The wifi
turns on when the computer turns on and turns back on when the computer
shuts off.  A MAC spoofing program does not suffice for the same reason.
The wifi turns on when the computer boots up before the OS and the
spoofing program, such as MAC Changer, starts up. The wifi turns back on
when the computer shuts off after the OS and the MAC spoofing program
shuts down. It takes only a moment for MAC addresses to be transmitted.

> >> But it doesn't matter considering you can generate yourself a new random MAC address every time you go to establish a connection.

It does matter. The real MAC address is visible prior to spoofing the
MAC to establish a connection. MAC addresses are visible and transmitted
by nearby Google, Apple and Microsoft devices regardless of whether the MAC
address connects to the internet.

I gave an example of this last week. That was not a one time occurrence.
Since 2010, the MAC addresses of my wifi cards have been geolocated even
when I am not online. Hence, in 2010, I removed the half mini PCI cards.
I use USB network adapters only when I need to go online.

> The nice thing about ARM and other embedded SoCs is that there is no 
> BIOS. If you are lucky, you get uboot, and there is no way that will 
> come with anything WiFi related built in.
> 
> Having said that, it is still plausible, especially on devices that 
> don't come with a firmware blob, that the device might come up all on 
> its own, as soon as it powers up. This is something that can only 
> really be established experimentally. So in a way, the "free software" 
> view that binary firmware blobs are bad actually works against you in 
> this case, because that firmware blob is in the hardware and potentially 
> enabled the hardware to power up on its own and be functional 
> regardless of what the driver does. If the device requires a firmware 
> blob to be loaded by the driver before it can even activate, then this 
> might be less likely to cause the sort of problem you are talking
> about.
> 
> So the only real way to establish this is to experiment. Whether the 
> WiFi device is free software friendly or not doesn't really make much 
> difference either way.

The reason I am posting this is to ask members to experiment and report
back the results and to explain the need for the experiments to everyone
who didn't read the articles I cited last week and/or didn't read the
first article cited by spiceworks. The articles are not old articles
about Google's war driving truck. The articles are on manufacturers of
OS (Google, Apple and Microsoft) and Skyhook transmitting the MAC
addresses of all nearby wifi devices (not just hot spots and routers).
Disabling location service on a phone is not a solution.

It is too expensive for me to order ARMs and MIPS devices from China to
experiment and return the devices that turn on wifi during boot up and
shut down. For example, FedEx quoted $122 to ship back the Yeeloong. A
computer repair shop could not remove the three screws. I suspect the
screws were very tightly screwed by the Lemote to prevent customers from
opening them up. I easily unscrewed screws in Asus, Gateway, Acer, MSI
and the 7-inch VIA 8650 netbook.

Feel free to post your experiment in this mailing list or email me at
freebirds at fastmail.fm. Thank you.

-- 
http://www.fastmail.fm - Send your email first class
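
An added example, not part of the original post: one way to score the experiment requested above, given frames already recorded by a separate monitor-mode receiver while the device under test is powered on and off. The MAC addresses, timestamps and phase boundaries are constructed sample values, and the function names are hypothetical.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    t: float   # seconds since the power button was pressed
    src: str   # transmitter address taken from the 802.11 header

def norm(mac: str) -> str:
    return mac.strip().lower().replace("-", ":")

def is_locally_administered(mac: str) -> bool:
    # Bit 0x02 of the first octet is set on software-assigned (spoofed or
    # randomised) addresses and clear on a vendor-assigned burned-in address.
    return bool(int(norm(mac).split(":")[0], 16) & 0x02)

def permanent_mac_exposure(frames, permanent_mac, os_up, os_down):
    """Bucket every frame sent with the burned-in MAC by boot phase."""
    seen = {"pre_os": [], "os_running": [], "post_os": []}
    for f in sorted(frames, key=lambda f: f.t):
        if norm(f.src) != norm(permanent_mac):
            continue  # another device, or the spoofed address
        if f.t < os_up:
            seen["pre_os"].append(f.t)       # radio active before the OS started
        elif f.t <= os_down:
            seen["os_running"].append(f.t)   # rfkill / spoofing did not hold
        else:
            seen["post_os"].append(f.t)      # radio active after the OS stopped
    return seen

# Constructed sample capture (assumption: OS up at 35 s, halted at 600 s).
PERMANENT_MAC = "00:11:22:33:44:55"
SPOOFED_MAC = "02:AA:BB:CC:DD:EE"
OS_UP, OS_DOWN = 35.0, 600.0
CAPTURE = [
    Frame(3.2, "00:11:22:33:44:55"),
    Frame(41.0, "02:aa:bb:cc:dd:ee"),
    Frame(120.7, "3c-5a-b4-00-00-01"),  # unrelated nearby device
    Frame(300.0, "02:aa:bb:cc:dd:ee"),
    Frame(612.5, "00-11-22-33-44-55"),
]

if __name__ == "__main__":
    result = permanent_mac_exposure(CAPTURE, PERMANENT_MAC, OS_UP, OS_DOWN)
    for phase, times in result.items():
        print(phase, times)
```

Empty `pre_os` and `post_os` lists across repeated power cycles are the result that would show a device keeps its radio quiet outside the OS; any entry there means the burned-in address was on the air before spoofing could apply.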



