How NSA identifies you by just starting your windows PC

Thanks to the fine research paper found here http://www.icir.org/vern/papers/trackers-pets16.pdf  YOU ARE easiliy identified when you just start your windows PC and log onto the internet – not requiring you any user-inaction.

You are identified by either: HTTP Identifiers or NON-HTTP Identifiers

HTTP Identifiers

Application-specific: The first category is identifiers sent by applications other than browsers. For example, Skype sends a user identifier uhash in a URL of the format http://ui.skype.com/ui/2/2.1.0.81/ en/getlatestversion?ver=2.1.0.81&uhash= . The parameter uhash is a hash of the user ID, their password, and a salt, and remains constant for a given Skype user [12]. uhash can very well act as an identifier for a user; a monitor who observes the same value from two different clients/networks can infer that it reflects the same user on both. Another example in this category is a Dropbox user_id sent as a URL parameter. We discovered that since the Dropbox application regularly syncs with its server, it sends out this identifier—surprisingly, every minute—without requiring any user action.

Mobile devices: Our methodology enabled us to discover that the Apple weather app sends IMEI and IMSI numbers in POST requests to iphone-wu.apple.com. We can recognize these as such, because the parameter name in the context clearly names them as IMEI and IMSI; the value also matches the expected format for these identifiers. Other apps also send a number of device identifiers, such as phone make, advertising ID,4 SHA1 hashes of serial number, MAC address, and UDID (unique device identifier) across various domains, such as s.amazon-adsystem.com, jupiter.apads.com and ads.mp.mydas.mobi. The iOS and Android mobile SDKs provide access to these identifiers.

http-identifiers

NON-HTTP Identifiers

Device identifiers sent by iOS/OSX: We found instances of device identifiers sent on port 5223. Apple devices use this port to maintain a persistent connection with Apple’s Push Notification (APN) service, through which they receive push notifications for installed apps.

An app-provider sends to an APN server the push notification along with the device token of the recipient device. The APN server in turn forwards the notification to the device, identifiying it via the device token [2]. This device token is an opaque device identifier, which the APN service gives to the device when it first connects. The device sends this token (in clear text) to the APN server on every connection, and to each app-provider upon app installation. This identifier enabled us to identify 68 clients in our dataset as Apple devices. The devices sent their device token to a total of 407 IP addresses in two networks belonging to Apple (17.172.232/24, 17.149/16).

non-http-identifiers

The work http://www.icir.org/vern/papers/trackers-pets16.pdf was supported by the Intel Science and Technology Center for Secure Computing, the U.S. Army Research Office and by the National Science Foundation.

Copy of Publication here: trackers-pets16

Advertisements

Kommentar verfassen

Trage deine Daten unten ein oder klicke ein Icon um dich einzuloggen:

WordPress.com-Logo

Du kommentierst mit Deinem WordPress.com-Konto. Abmelden / Ändern )

Twitter-Bild

Du kommentierst mit Deinem Twitter-Konto. Abmelden / Ändern )

Facebook-Foto

Du kommentierst mit Deinem Facebook-Konto. Abmelden / Ändern )

Google+ Foto

Du kommentierst mit Deinem Google+-Konto. Abmelden / Ändern )

Verbinde mit %s