Extracting Private Info from Public Services

In this talk, we will present public services that expose previously-hidden client devices, making them measurable and vulnerable. First, we will show that by participating in the NTP Pool—a public, volunteer-run collection of Network Time Protocol servers—we can learn billions of live, mostly client IPv6 devices. Using this dataset, we show that the transition from v4 to v6 has resulted in the removal of the de facto firewall of the Internet—NAT boxes— thus permitting us to connect to more phones, lights and printers over v6 than is possible over v4. Second, we will show that Apple’s public WiFi-based Positioning System reveals the locations and Basic Service Set Identifiers of billions of WiFi access points around the world, permitting us to track the locations of high-value targets like military deployments across the world. Collectively, these findings demonstrate the dangers of public services and the challenges involved in using them safely.