Lollipop Wifi Connectivity Check Feature - Android General

Hi,
first of all, my apologies if i am posting this in the wrong section, i read the sticky but i consider this more a discussion rather than a request for help.
Most of you probably know the little exclamation point next to the wifi symbol in the status bar that you get since Lollipop when the network does not offer Internet connectivity.
I tried to locate the feature in the AOSP codebase but was not apt enough to come up with anything relevant, though i did log the network while disabling/enabling wifi to see what it does, and apparently it sends out a couple of DNS queries. I have yet to check it more thoroughly with Wireshark.
So in theory, from a privacy point of view, Google could trace your account/model/network anytime you connect etc.
I am quite interested in how it works exactly, and if i, for instance, could hard code my own server's address into it.
I have read some things that relate this connectivity check to a setting "global captive_portal" (or similar), but was unable to reproduce on Lollipop.
It is also quite strange that apparently no one discussed this before (from a privacy point of view).
So i would be happy to hear what you people have to say about it.
Ciao
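Added example, not part of the original post and not AOSP code: a minimal self-hosted endpoint for an HTTP "generate_204" style connectivity probe, with a client that classifies the reply and a record of what the endpoint can see about the requester (source address and request headers). It assumes a simplified model (204 means validated, any other 2xx/3xx means a captive portal, anything else means no Internet) and that the device's probe host has been pointed at this server, which is not shown; host names, the User-Agent and the portal URL are constructed.

```python
"""Self-hosted connectivity-check endpoint plus a probe that classifies the reply.

Simplified model of an HTTP "generate_204" style check; not AOSP code.
"""
import http.client
import threading
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer

PROBE_PATH = "/generate_204"   # path of the well-known HTTP 204 probe
PROBE_UA = "probe-demo/1.0"    # constructed User-Agent for this example


class QuietHandler(BaseHTTPRequestHandler):
    def log_message(self, fmt, *args):
        pass  # keep no access log: the operator retains nothing about clients

    def reply(self, status, extra=()):
        self.send_response(status)
        for name, value in extra:
            self.send_header(name, value)
        self.send_header("Content-Length", "0")
        self.end_headers()


class ProbeHandler(QuietHandler):
    """Answers the probe with an empty 204 and notes what the request exposed."""

    def do_GET(self):
        # Everything a probe endpoint learns from one request: the source
        # address and the request headers. Kept in memory for the demo only.
        self.server.observed.append({
            "client_ip": self.client_address[0],
            "headers": sorted(k.lower() for k in self.headers.keys()),
        })
        self.reply(204 if self.path == PROBE_PATH else 404)


class PortalHandler(QuietHandler):
    """Constructed stand-in for a captive portal: redirects every request."""

    def do_GET(self):
        self.reply(302, [("Location", "http://portal.example/login")])


def serve(handler):
    """Start handler on a free loopback port and return the running server."""
    srv = ThreadingHTTPServer(("127.0.0.1", 0), handler)
    srv.observed = []
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def classify(status):
    """Map an HTTP status (or None for no answer) to a connectivity verdict."""
    if status == 204:
        return "validated"
    if status is not None and 200 <= status <= 399:
        return "captive_portal"
    return "no_internet"


def check(host, port, timeout=3.0):
    """Send one probe and classify it. Redirects are not followed."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", PROBE_PATH, headers={"User-Agent": PROBE_UA})
        status = conn.getresponse().status
    except (OSError, http.client.HTTPException):
        status = None
    finally:
        conn.close()
    return classify(status)


if __name__ == "__main__":
    own, portal = serve(ProbeHandler), serve(PortalHandler)
    print("own server :", check("127.0.0.1", own.server_address[1]))
    print("portal     :", check("127.0.0.1", portal.server_address[1]))
    print("server saw :", own.observed)
    own.shutdown()
    portal.shutdown()
```

The probe carries no cookie or account token in this model, so what the endpoint operator can correlate is limited to the source IP, the timing and whatever the headers reveal.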

Related

[Q] Won't reconnect manual network without SSID broadcast?

So the S3 has known WiFi issues, but mine seems to have none of the issues I've read about thus far. It does have one irritating thing that has been driving me crazy for the longest time. If I ever move outside of the range of my network, reboot, or etc such that the WiFi has to be reestablished, it will decide that my network is "out of range" even though the signal is well within an acceptable minimum (it's a tad bit weak, but, once established it holds extremely steady pretty much no matter what I'm doing.) If I remove and re-add the network settings it works perfectly, again with a stable signal and perfect speeds until the next time I move out of range or reboot.
For now I've reenabled SSID broadcast, but I really liked the idea of having it off as it's a ridiculously simple yet strikingly effective security mechanism (I like the "security through obscurity" methods when I can -- especially since I'm having to use the old WEP encryption protocol to support some older devices, though I'm just about ready just to give up on them at this point. Even the best hacker in the world couldn't get into my network if (s)he never actually made any attempt to do so in the first place.) With SSID enabled, it has no troubles picking up my network every time, it just won't automatically pick it up without it.
Is this just an issue with the software itself or something? Anything that can be fixed from the user side, or is it something that can only be fixed by an update to the OS or related software itself? (But then with 4.1 coming soon supposedly I'm kind of hoping that if it is an issue with the software that would fix it. Still, that's a while away at least and this is assuming their plans aren't messed up with this whole lawsuit business causing them so many problems right now.)
If you have SSID broadcast disabled, how do you expect your phone to recognize the network? I can see how it would work if you enable SSID, connect to your network then disable it again, but it's not going to magically reconnect with SSID disabled, it's not logical seeing your SSID is what makes it possible for your phone to find your network.
Sent from my SCH-I535 using xda app-developers app
WEP sucks of course but how about just setting up a mac addy auth to give another layer of security and enable ur ssid
Sent from my SCH-I535
I do use MAC address filtering if that's what you mean. While it might stop a script kiddie, I don't have a huge amount of confidence in it. MAC address spoofing is so pitifully easy that with computer equipment at least you usually are even presented with a configuration option that lets you specifically change the MAC address to anything you want. I'm definitely sticking with it because, well, there's absolutely no reason not to, but I actually have less confidence in MAC address filtering to stop anyone than disabled SSID broadcasting because anyone actually actively trying to break in should pretty much immediately bypass that particular mechanism right off.
Shibby87 said:
If you have SSID broadcast disabled, how do you expect your phone to recognize the network? I can see how it would work if you enable SSID, connect to your network then disable it again, but it's not going to magically reconnect with SSID disabled, it's not logical seeing your SSID is what makes it possible for your phone to find your network.
ALL other devices are smart enough to search for a manually configured network if they actually know the SSID to search for. My Roku, my Android 2.2 "Internet Tablet" (basically a PDA) by Archos, my Nintendo DS (this is the main thing holding me back at WEP, and as ancient and pitiful as its networking is, even IT can connect on its own without making me manually recreate the settings every time!) and my EeePC running Windows XP without any software to manage the WiFi settings except the built-in Windows thing.
Nazo said:
So the S3 has known WiFi issues, but mine seems to have none of the issues I've read about thus far. It does have one irritating thing that has been driving me crazy for the longest time. If I ever move outside of the range of my network, reboot, or etc such that the WiFi has to be reestablished, it will decide that my network is "out of range" even though the signal is well within an acceptable minimum (it's a tad bit weak, but, once established it holds extremely steady pretty much no matter what I'm doing.) If I remove and re-add the network settings it works perfectly, again with a stable signal and perfect speeds until the next time I move out of range or reboot.
For now I've reenabled SSID broadcast, but I really liked the idea of having it off as it's a ridiculously simple yet strikingly effective security mechanism (I like the "security through obscurity" methods when I can -- especially since I'm having to use the old WEP encryption protocol to support some older devices, though I'm just about ready just to give up on them at this point. Even the best hacker in the world couldn't get into my network if (s)he never actually made any attempt to do so in the first place.) With SSID enabled, it has no troubles picking up my network every time, it just won't automatically pick it up without it.
Is this just an issue with the software itself or something? Anything that can be fixed from the user side, or is it something that can only be fixed by an update to the OS or related software itself? (But then with 4.1 coming soon supposedly I'm kind of hoping that if it is an issue with the software that would fix it. Still, that's a while away at least and this is assuming their plans aren't messed up with this whole lawsuit business causing them so many problems right now.)
hidden ssid enabler will solve this problem. it works great for me. follow the directions in comments of play store though.
You know, I do believe that did actually solve the problem. I guess more testing is needed, but in my initial test it seems to have worked just fine with the SSID broadcast set to hidden again (I even rebooted the router and phone both just to be sure the settings fully took.)
It still strikes me as being a bit dumb that my ancient Nintendo DS that can't even handle WPA can handle a non-broadcast SSID and my previous Android PDA could as well, yet this Android phone couldn't out of the box...

[Q] Hotspot Hacking from Wan?

I have concerns related to the security of S4 as a hotspot. While using the device as a hotspot it
became extremely hot, and started to malfunction. I could see that no one other than myself was
connected to the hotspot. Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
When using an S4 with (selinux enforcing) as a hotspot, is there any risk that a malicious webserver operator
can somehow access the device using the carrier assigned (dynamic) ip address?
What type of protections (on the wan side) should be in place to properly secure an S4 with 4.3 for use as a hotspot
so the device itself can't be compromised? (assuming no 3rd party apps are installed) I assume device encryption would
not help this situation because the device has to be decrypted to run the hotspot. It's unclear Samsung Knox 1.0 could
provide anything useful, and I think they force packets through lookout so it slows the connection.
greens1240 said:
I have concerns related to the security of S4 as a hotspot. While using the device as a hotspot it
became extremely hot, and started to malfunction. I could see that no one other than myself was
connected to the hotspot. Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
When using an S4 with (selinux enforcing) as a hotspot, is there any risk that a malicious webserver operator
can somehow access the device using the carrier assigned (dynamic) ip address?
What type of protections (on the wan side) should be in place to properly secure an S4 with 4.3 for use as a hotspot
so the device itself can't be compromised? (assuming no 3rd party apps are installed) I assume device encryption would
not help this situation because the device has to be decrypted to run the hotspot. It's unclear Samsung Knox 1.0 could
provide anything useful, and I think they force packets through lookout so it slows the connection.
bump
greens1240 said:
Other unusual activity was observed as well, and the carrier has taken
extreme & unusual steps to prevent me from discussing it with their employees.
would you elaborate on that?
keen36 said:
would you elaborate on that?
Those are actually 2 separate issues even though the carrier's actions may seem unusual.
I don't see https in the url for this site, and when I try to force https it redirects to remove the ssl,
so privacy didn't matter here?
Some of the unusual activity involved messages about "sim data" refresh/change when no 3rd party
apps were ever installed, the phone wasn't rooted, and updates turned off. Apps that were turned off
showed subsequent network activity. After a factory reset, disabling some apps and changing other
settings, the main issue was the phone getting extremely hot when using the hotspot to test a vpn
service (vpn settings config on pc not on android).
If your phone number ends up on that "list" you should expect management to take an approach with you
as if litigation is underway. Expect very little cooperation, leave 15 messages over a 30 day
period with 5 different corporate managers to finally get a return call from yet a different manager who
finally admits they have ways to prevent your phone from getting through to support or customer service.
They must have thought none of their customers would figure out that advanced call rejection features
can do all kinds of things, such as put select callers on hold indefinitely, forward the call to a number that
rings but never answers, have the caller hear fast busy signals, have the caller hear a message that no
one is available to take their call, etc, etc. A word to anyone with a cell phone - If you can't get through
using 611 or the carrier's toll free numbers, try calling from a different phone, and if you get through
with the different phone, then you know.
xda admins probably thought that encryption is not overly important, this being a public forum and all... i would also prefer ssl everywhere, but it does add a layer of complexity and also increases demand on the server, so i can see why it is not implemented here.
what do you mean with "sim data" refresh/change? what do you mean when you say you have apps "turned off"?
i can easily see you getting blocked if you annoy any support-hotline too much. i do not see something especially suspicious about that.
if i may be honest: you appear to be a little paranoid.
keen36 said:
xda admins probably thought that encryption is not overly important, this being a public forum and all... i would also prefer ssl everywhere, but it does add a layer of complexity and also increases demand on the server, so i can see why it is not implemented here.
what do you mean with "sim data" refresh/change? what do you mean when you say you have apps "turned off"?
i can easily see you getting blocked if you annoy any support-hotline too much. i do not see something especially suspicious about that.
if i may be honest: you appear to be a little paranoid.
As network packets travel over the Internet, anyone with physical access to a network device (within the packet route) can view your activity without your knowledge. There are redirection protocols used by thousands of businesses and ISPs to divert port 80 traffic to web caches, internet filtering appliances, and data mining "honeypots". Not sure if still true today that network routers and Layer 3 switches manufactured by Cisco ship with a redirection protocol (WCCP) that can be used to re-route HTTP traffic through an external filtering or a logging device. Most would agree when it comes to discussions about network security, exchanging plain text email and requesting advice on plain text message boards is not the best practice.
"refreshing sim data" was a message I observed after the s4 was rebooted. It seemed odd that the message appeared when there was no update or installations. But I'm not an expert on the device, for all I know it might be normal to see the message when there's no activity. As far as turning off apps, it's normal to turn off apps that use resources, drain battery, etc. if you don't need them. Turning off, not deleting, and changing permissions doesn't appear to be an option on 4.3 without a 3rd party app.
As far as sounding paranoid, there's a lot more to the story that I didn't go into involving what looks like attempted identity/phone theft by the carrier's own employee(s) or reseller(s). The way the situation was handled it genuinely looked like a cover up, and still does.
There is still the issue of securing a hotspot which no one from any tier 2 support centers has been able to answer. Not sure if a droidwall or other firewall would be doing anything beneficial since I assume any port scanning would be of the device connected to the hotspot rather than the s4 itself.
yes, anyone along the route can intercept the packets and even read them if they aren't encrypted. yes, there exist man-in-the-middle attacks. yes, most would agree that when exchanging security related information, it would be best to encrypt. that doesn't change what i said: this board is not security oriented, it is a public, developer oriented board. encryption is not very important here, so the admins must have thought that the benefits of not encrypting outweigh the risk. if you really have sensitive security-related questions, this is not the right place to ask them, i fear.
what do you do exactly when you "turn off" an app? step-by-step?
have you tried googling what "refreshing sim data" does and why it is happening? it looks harmless to me!
last thing, to get this clear: you think that someone hacked your hotspot because the phone gets hot and unstable when you use it? no, wait, you have about a thousand small other things that also point to that explanation, right? this sounds like a case of unfounded paranoia to me. i have some experience with paranoid schizophrenics, and while i am not (!) calling you that, i have to advise you that the way you argue reminds me of them.
you are looking for suspicious things and you do not understand enough about these phones (they are ridiculously complex, so that is quite normal i might add) to see whether something is suspicious or not.
keen36 said:
yes, anyone along the route can intercept the packets and even read them if they aren't encrypted. yes, there exist man-in-the-middle attacks. yes, most would agree that when exchanging security related information, it would be best to encrypt. that doesn't change what i said: this board is not security oriented, it is a public, developer oriented board. encryption is not very important here, so the admins must have thought that the benefits of not encrypting outweigh the risk. if you really have sensitive security-related questions, this is not the right place to ask them, i fear.
Do you know a better place to ask advanced security related questions about Samsung/Android? Google and Samsung tech support are unable to answer many basic security questions. Anything advanced is a foreign language to them. Ask 1000 Samsung employees "What is Knox?" and 999 will answer "Never heard of it." Most don't care about security, and never will unless and until they become a victim, and have a substantial loss.
keen36 said:
what do you do exactly when you "turn off" an app? step-by-step?.
I used app manager. If you're familiar with S4 running 4.3 then you're familiar with app manager.
keen36 said:
have you tried googling what "refreshing sim data" does and why it is happening? it looks harmless to me!
This message may be related to updating network tower(s) info which I agree, by itself would be harmless.
keen36 said:
last thing, to get this clear: you think that someone hacked your hotspot because the phone gets hot and unstable when you use it? no, wait, you have about a thousand small other things that also point to that explanation, right? this sounds like a case of unfounded paranoia to me. i have some experience with paranoid schizophrenics, and while i am not (!) calling you that, i have to advise you that the way you argue reminds me of them.
There's constant network inbound/outbound activity while the device is idle according to the indicator. The activity could be perfectly benign. Many native apps communicate with the network, but it is also possible to turn off (restrict) background activity to limit which apps have network access. I wouldn't know what it is without running a program such as wireshark. A paranoid schizophrenic might think an app that had permission to access the microphone, recorded audio in the room, then encrypted & uploaded it to a server for later retrieval. That could never happen in the real world right?
I'm merely asking questions about various events which may or may not be signs that there's a problem, but I've not concluded anything. More importantly I'm hoping to find information on how to properly secure a hotspot. You've not offered any information about this so I assume you feel no hardening, modifications, or additions are necessary, and in using default settings the device is impenetrable.
keen36 said:
you are looking for suspicious things and you do not understand enough about these phones (they are ridiculously complex, so that is quite normal i might add) to see whether something is suspicious or not.
I agree, they are complex. Tech support is of no use, they simply are not trained to respond to a question such as "Is there a firewall running on the device?" "Is code checked for malware by human eyes before an app is put on playstore, or simply trust unknown authors and feedback?"
no, i am sorry, i do not know about any android security related web communities.
i use a sony phone on kitkat, so no, i have no idea what you mean with "app manager". i just want to know what that program did; did it uninstall the apps, did it disable them, did it freeze (rename) them? i have never heard of an app being "turned off", that's why i ask.
what you describe with the microphone listening and uploading what it records to the internet, that is happening every time you open google voice search or -if you use the google now launcher- everytime you go to the homescreen
i do not know how you got the idea that i think that your device is impenetrable ([email protected] sentence btw. )? that is a ridiculous thought, i would never say such a thing. in fact, i am of the conviction that no absolute security can exist on a device which is connected to the internet. there is a reason why some security-related programs are built on machines with no internet access at all.
if you know how to use wireshark, why don't you just use it? if i had to take an uneducated guess, i would think that you would then realise that the network activity you see is benign (not malicious i mean, you might very well discover some nice datamining activity by google etc. ).
i do not know your usecase, if you are living in a country which has an oppressive regime, if you are a general target for hackers somehow (public figure / working at a security-related position etc.), then yes, it might make sense to look at your phone's security in detail. if that is not the case, however, then no, i do not think that additional hardening of your hotspot is needed...

Lollipop and AES WiFi Fail

Apologies if this has been noted elsewhere. The search didn't bring it up.
Since upgrading my OPO to CM12, I have noted that after deep sleeping, my phone wakes with a "Wifi Authentication Error," without fail. Apparently, Lollipop has a coding problem, wherein it won't reconnect to AES, but apparently is ok in reconnecting to routers with TKIP encryption. Unfortunately for me, TKIP disables WPS, and I have several devices that use WPS to connect to my network (Printers), so I need AES.
Looking at the following page, it seems I am not alone, and that a lot of people have the same issue.
I will state right now, that I am definitely not attacking the CM devs, as this looks thoroughly like a Google coding issue.
If you are having the same issue, then please check out this link, and click on the star in the top left corner. Google still looks on this as a minor issue, when it isn't.
https://code.google.com/p/android/issues/detail?id=78702&

Tracking Help with ISOLVED app

Last week my employer began using isolved time tracker for our work group. We began using it on 9-21-15. On 9-30-15, it was brought to my attention that my 'punches' were being logged from non-work locations. I believe there is a flaw or defect in the mobile software but I'll forward those questions to the software company. One thing I was able to find in my defense was the Google location log on my phone. I know that these items can be edited. I'm afraid that the edit factor may not allow this log to help my case but it does bring some other questions into play. I'm hoping someone here with a higher level of knowledge in the field can educate me.
First question-
My location setting is always on and the location method is set to wifi and networks. I do NOT use the GPS option. How does my phone plot my locations? For example, it shows me at my home address at 6:53 am and then my work address at 7:27 am. I assume it's going off my home wifi connection and then my work wifi once I arrive and connect. I also notice it will show a time of 7:27-8:59 at my office, and once I arrive at another work location (and I would assume), connect to work wifi, the next location appears in my location log at that particular time. So, if I'm at building B from 11:15 until 1:50, my location will show 'building B 11:15 am - 1:50 pm.' Not to sound redundant but, does the phone/location log know this because of the wifi connection?
What I am concerned most with is, all of my punch-ins for work are showing they were done from my home. I'm hoping to find a rock-solid way to prove that I was in fact at work when I was supposed to be. Would Sprint have any way of showing my locations at various times without me making any calls, sending any texts, or using any data? Do their towers have a constant lock on me and is there a log they can provide?
Thank you for reading through this long winded message. Desperate times call for desperate measures. I would greatly appreciate any help, advice, or ideas. Many, MANY, thanks in advance.
Mike~
hebejebe said:
Last week my employer began using isolved time tracker for our work group. We began using it on 9-21-15. On 9-30-15, it was brought to my attention that my 'punches' were being logged from non-work locations. I believe there is a flaw or defect in the mobile software but I'll forward those questions to the software company. One thing I was able to find in my defense was the Google location log on my phone. I know that these items can be edited. I'm afraid that the edit factor may not allow this log to help my case but it does bring some other questions into play. I'm hoping someone here with a higher level of knowledge in the field can educate me.
First question-
My location setting is always on and the location method is set to wifi and networks. I do NOT use the GPS option. How does my phone plot my locations? For example, it shows me at my home address at 6:53 am and then my work address at 7:27 am. I assume it's going off my home wifi connection and then my work wifi once I arrive and connect. I also notice it will show a time of 7:27-8:59 at my office, and once I arrive at another work location (and I would assume), connect to work wifi, the next location appears in my location log at that particular time. So, if I'm at building B from 11:15 until 1:50, my location will show 'building B 11:15 am - 1:50 pm.' Not to sound redundant but, does the phone/location log know this because of the wifi connection?
What I am concerned most with is, all of my punch-ins for work are showing they were done from my home. I'm hoping to find a rock-solid way to prove that I was in fact at work when I was supposed to be. Would Sprint have any way of showing my locations at various times without me making any calls, sending any texts, or using any data? Do their towers have a constant lock on me and is there a log they can provide?
Thank you for reading through this long winded message. Desperate times call for desperate measures. I would greatly appreciate any help, advice, or ideas. Many, MANY, thanks in advance.
Mike~
If you were on location and your device connected to your work WiFi, your IT/IS Department should have logs of that connection, they may need your MAC address to verify, but that should be proof enough.

[Completed] can anyone help me sort through miscellaneous apps and adhoc networks and such?

I recently (as a novice!) ran an ipconfig to see if I could deduce why my wired connection was sucky. I discovered what it seems is a piggy back on my network. I logged into my modem to make sure ipv6 and other ports were disabled and haven't been able to log into my modem since. (Hacker locked me out?) Anyways after following permissions through various apps, programs, cms prompts, PowerShell, etc it seems I have a ghost machine on my pc (STILL NOVICE-ish!), and I am trying to track it down. Because of my suspicions on who it may be I am not ready to call law enforcement for help. Any advice is appreciated! I used to work from my pc, but my security software provider was unable to help cause, I think, my email is being re-routed and screened, and since I work with sensitive info and all my devices were set to keep me from finding answers I needed (permissions, and url redirects) I am crying for help. My savings is gone and I need to be able to work on the computer! Thanks!
XDA Visitor said:
I recently (as a novice!) ran an ipconfig to see if I could deduce why my wired connection was sucky. I discovered what it seems is a piggy back on my network. I logged into my modem to make sure ipv6 and other ports were disabled and haven't been able to log into my modem since. (Hacker locked me out?) Anyways after following permissions through various apps, programs, cms prompts, PowerShell, etc it seems I have a ghost machine on my pc (STILL NOVICE-ish!), and I am trying to track it down. Because of my suspicions on who it may be I am not ready to call law enforcement for help. Any advice is appreciated! I used to work from my pc, but my security software provider was unable to help cause, I think, my email is being re-routed and screened, and since I work with sensitive info and all my devices were set to keep me from finding answers I needed (permissions, and url redirects) I am crying for help. My savings is gone and I need to be able to work on the computer! Thanks!
Hello
Thanks for using XDA Assist.
Given your report, we could not determine the Manufacturer & Model of your device in order to better approach your issue.
I will have to ask you to create a new Thread where you could be as detailed as possible regarding your devices information and issue.
Nice regards and good luck.
THREAD CLOSED