Thursday, March 3, 2011

Now I remember why I don't pay much attention to this kind of stuff

Recently I enabled location services on my MacBook.  That couldn't do too much, right?  The MacBook doesn't have a GPS attached.  A quick check from whatsmyip (go there, then do the "IP Address Lookup") gave a location several miles from my actual one.  Clearly that's as close as it can get.

Well, actually, it was accurate to within a hundred yards or so.

After double-checking that I really, really didn't have a GPS, I dug up what was really happening: Like many of us, I'm connected to the internet through a wireless router.  That router has a unique MAC address by default.  The MacBook's networking layer knows this (otherwise it can't function), so when I'm on my home network, I'm associated with a particular MAC address.

Several parties, including Apple, keep a database of locations of wireless routers.  They get these locations by "wardriving" -- driving along looking for WiFi signals and using old-school radio techniques to pinpoint roughly where the signal is coming from.  Location services simply contacts the mothership with the MAC address of the router to get the physical location out of the database.  This has all been around a while.  I'm just slow on the uptake.

Assuming everything's working as intended, this doesn't mean that any random person on the internet can find out your location.  You decide whether to share that information, just like you decide whether to share a particular file (caveat: I'm not sure how secure a MacBook's default settings are).  Still, it's another one for the growing list of unsettling privacy issues (maybe I'll create a new tag).

As I understand it, there's not a whole lot you can do about this form of information gathering, though I didn't delve deep enough into the IEEE standards docs to be sure I had a definitive answer.  From what I can make out, though, the source and destination MAC addresses have to be on every packet, unencrypted.  Otherwise your router would have to try to decode every encrypted packet it received against the session keys for every active connection in order to see if it was the intended recipient.

Given that, turning off broadcasting of your SSID, using WPA2, whitelisting MAC addresses and so forth is not going to make a difference.  The wardriver just has to sniff for packets and note the MAC addresses.  That's not to say you shouldn't use WPA2 -- you absolutely should, as it provides decent protection against eavesdropping and unauthorized connections -- just that it won't prevent someone from knowing that a router with a given MAC address is in a given location.
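To make the point about unencrypted addresses concrete, here is an added example (not part of the original post) that parses the header of a constructed WPA2-protected 802.11 data frame and shows the router's MAC is readable even though the payload is not. The frame bytes, the addresses and the function names are all made up for illustration.

```python
import struct

# Constructed sample (all values made up): a WPA2/CCMP-protected 802.11
# data frame sent from a laptop to its access point.
SAMPLE_FRAME = bytes.fromhex(
    "0841"              # frame control: type=data, ToDS=1, Protected=1
    "2c00"              # duration
    "020000aabb01"      # address 1
    "020000ccdd02"      # address 2
    "020000eeff03"      # address 3
    "1000"              # sequence control
    "0100002000000000"  # CCMP header (packet number, key id)
    "9f3c1ab2770e45d1"  # ciphertext, opaque without the session key
)

def fmt(mac: bytes) -> str:
    """Render six raw bytes as a colon-separated MAC address."""
    return ":".join(f"{b:02x}" for b in mac)

def parse_data_header(frame: bytes) -> dict:
    """Read the fields of an 802.11 data frame that are never encrypted."""
    if len(frame) < 24:
        raise ValueError("shorter than a 24-byte 802.11 header")
    fc, _duration = struct.unpack_from("<HH", frame, 0)
    if (fc >> 2) & 0x3 != 2:
        raise ValueError("not a data frame")
    a1, a2, a3 = frame[4:10], frame[10:16], frame[16:22]
    to_ds, from_ds = bool(fc & 0x0100), bool(fc & 0x0200)
    # Which address slot holds the BSSID (the router's MAC) depends on
    # the direction of the frame, signalled by the ToDS/FromDS bits.
    if to_ds and from_ds:
        raise ValueError("4-address (WDS) frames are outside this example")
    if to_ds:            # station -> access point
        bssid, src, dst = a1, a2, a3
    elif from_ds:        # access point -> station
        bssid, src, dst = a2, a3, a1
    else:                # no distribution system (ad hoc, direct)
        bssid, src, dst = a3, a2, a1
    return {
        "protected": bool(fc & 0x4000),  # Protected bit: body is encrypted
        "bssid": fmt(bssid),
        "source": fmt(src),
        "destination": fmt(dst),
    }

if __name__ == "__main__":
    print(parse_data_header(SAMPLE_FRAME))
```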

There are some countermeasures you can take:
  • Use your router's "MAC cloning" feature to set its MAC to something already in the database (if you choose a MAC not in the database, it will get added with your location next time the car comes by).  Your friends and foes will then think you're in sunny Tahiti or wherever.
  • Don't use WiFi
    • String a bunch of Cat 5 cable and give up the convenience of wirelessness
    • Use a smart phone as a tether -- this has its own set of privacy issues, but I'm not familiar with them and ignorance is bliss [I doubt this helps that much.  A tethering phone looks like any other WiFi router to a wardriver, including having a MAC address.  If you only use the tethering in one place, say your home, there's no real difference from using any other WiFi router.  If you move around, there will be a record that your MAC address was seen at several places, which is probably not what you want --D.H. Sep 2015].
  • Disable location services.  The world will know that there's a wireless router at a given location, but won't be able to associate it with you or your computer (or at least, not quite as easily)
  • Build a suitable Faraday cage around your network.
  • Don't worry, be happy.
Please understand I'm not recommending any of these, except possibly the last.


Anonymous said...

I like the "Use your router's "MAC cloning" feature". Wouldn't it be nice to have the database of MAC addresses per location? >:->

Oh, well random 48 bits are fine...
It should be less than 48 if you want to narrow it to a suitable manufacturer...


earl said...

Can a signal get out of a Faraday cage? I'm sure Bobby McFerrin could.