As a security professional who gets paid to hack into high-value networks, Mark Wuergler often gets a boost when his targets use smartphones, especially when the device happens to be an iPhone that regularly connects to Wi-Fi networks.
That's because the iPhone is the only smartphone he knows of that transmits to anyone within range the unique identifiers of the past three wireless access points the user has logged into. He can then use off-the-shelf hardware to passively retrieve the routers' MAC (media access control) addresses and look them up in databases such as Google Location Services and the Wireless Geographic Logging Engine. By allowing him to pinpoint the precise location of the wireless network, iPhones give him a quick leg-up when performing reconnaissance on prospective marks.
"This is interesting on a security level because I'll know where you work, I'll know where you live, and know where you frequent," Wuergler, who is a Senior Security Researcher for Miami-based Immunity Inc., told Ars. "If the last access point you connected to was your home, for example, I'll know right where to go to get to you later or get to your data. If I'm an attacker that wants to break into your company, this becomes a disclosure that an attacker isn't going to pass up."
The exposure of MAC addresses extends not only to iPhones, but to all Apple devices with Wi-Fi capabilities, he said. It means that whenever the wireless features are enabled and not connected to a network—for instance, during a brief encounter at a Starbucks—they broadcast the unique identifiers, and it's trivial for anyone nearby to record them. Wuergler speculates the behavior is a feature designed to automate configuration for networks users regularly access.
Apple did not respond to our requests for comment for this article.
Smartphones of all stripes
While MAC address leakage appears to be unique to Apple products (according to Wuergler), smartphones of all stripes expose so much valuable information that Wuergler has created an application he calls "Stalker" to streamline its collection. Running on a laptop, Stalker vacuums up passwords, images, email and any other data that is sent unencrypted and organizes it in an easy-to-read interface.
A screen capture from Stalker, an application developed by Mark Wuergler.
Previously accessed network names and unencrypted Facebook chats, emails, and attached documents are all there, along with the name of each smartphone user who exposed them. Stalker presents the collected data in aggregate or allows the user to view the contents retrieved from a specific smartphone owner. Stalker also calls on programming interfaces offered by Google and other location services to automatically plot the recently connected Wi-Fi networks on a map.
In some cases, it's possible for Wuergler and his colleagues to pinpoint people with ties to a given company just by examining the information Stalker has passively collected. When, for example, the researchers encounter a phone that has recently connected to Wi-Fi networks with the names IBM-Corp and IBM-Conference, they know the device had successfully connected to those SSIDs at least once before. Like the MAC addresses leaked by iPhones, this data is shared each time a smartphone of any type tries to connect to an access point.
In other cases, the names of friends and colleagues exposed in email and encounters on Facebook and other sites can give the attackers the personal information they need to trick their mark into revealing even more sensitive information. They have also devised ways to mine any manner of smartphone apps for personal information that is routinely sent in the clear. An app for the Pandora music service, for instance, reveals the birth year, zip code, and sex the user used to register an account.
In theory, smartphone apps can use the secure sockets layer protocol to prevent sensitive information from being spied on. The problem is that many apps still don't provide a way for users to know when their sessions are protected. And frequently those protections aren't enabled by default and must be turned on deep in the phone's configuration menu. In the case of exposed MAC addresses and SSIDs, there's no way at all to shield that data from prying eyes other than to erase entries from the phone each time a network has been accessed.
Stalker also has the capability to steal login credentials from browsers that store passwords. It works by injecting hidden forms into a user's browsing session that mimic the forms used to log in to corporate email accounts and websites. Because the fields are invisible, they can be added even when the target is visiting a completely unrelated site, giving little indication anything is awry.
Stalker relies on what its author calls a "Man Within Range of You" attack. Unlike man-in-the-middle exploits—in which a hacker sits between the victim and the site he's connecting to and monitors or tampers with data as its passed from one to the other—the app plucks data from radio signals transmitted in the vicinity of the smartphone and relies on the same airwaves to broadcast spoofed information back to the targeted device. When successful, so-called race conditions work by zapping the falsified data to the target before the legitimate source can.
Give me convenience or give me security
In many respects, Stalker is a dramatic example of the risks posed by today's smartphone, which was designed with speed and utility as its chief selling points.
"It's widening all of the attack vectors that I can use against you," Wuergler said. "All of the conveniences that are being extended to you are also being extended to an attacker, just making it easier for identity thieves and corporate attackers."
He said the best advice for people concerned about smartphone security is to limit the kinds of personal information they entrust to their devices. Users can also benefit by turning off their device's Wi-Fi as much as possible.
"I do use my phone on wireless networks, but I don't store a lot of personal data on my phone," he said. "If you put your personal data on there, you don't even need to be connected to a wireless network for me to be able to break into your phone."
Update:
(Wuergler said he has tested a variety of phones running iOS, Android and Blackberry operating systems, but has not provided Ars with a specific list.) Updated to reflect that IBM-Corp and IBM-Conference were hypothetical SSIDs.
A 
If you own, or have access to, a 3D printer then it's a snip to 
It would be great to play on 
Dmitry Grinberg's design allows an Atmel microcontroller to run a full GNU/Linux operating system - albeit slowly.
It's made out a few 3D printed parts, which connect the two stepper motors to the power driver, Arduino board and Bluetooth--and batteries of course. Two pulleys help you string DoodleBOT to the surface and keep it balanced (as yet there is nothing to help the poor robot grip to its canvas). To get it doing its thing, place a pen, pencil or brush in the holder and turn on Bluetooth. Once connected to your computer, use the arrow keys to direct DoodleBOT, and off it goes!
Miguel is still working on the robot, to get it working with Microsoft's Kinect (you could use arm movements instead of arrows) and to remove the limitation of needing a constant line. With an extra servomotor, Miguel believes he could create dotted lines and other complicated patterns.
DoodleBOT may be very simple and not the most good looking robot out there, but you have to love the amazing designs it's capable of, and the ease of controlling its movements. Check it out in the video below, or here.
It was built using an Arduino and a bunch of other spare parts. The robot is controlled via a web interface. It’s easier to just let them explain how it works. This is a robot playing drums, and that’s good enough for me.
“The Arduino receives the string, unpacks it back to a pattern and simple loops over the steps controlling each servo.” It also has “Horns” which are 2 small fans with a servo that push a piece of plastic against the blades. This little bot is fun to watch and seems like he would be a good jamming partner too. For more about how this bot was made check out 
"The good news is that our first 2,000 boards arrived in the UK on Monday and that we are working to get them CE marked as soon as is humanly possible, in parallel with bringing the remainder of our initial batch into the country," added the foundation.
"On the basis of preliminary measurements, we expect emissions from the uncased product to meet category A requirements comfortably without modification, and possibly to meet the more stringent category B requirements which we had originally expected would require a metalised case." A case will not be part of the Raspberry Pi device until educational models are released, but since this early release is for enthusiasts, a case is less important.
Firm delivery dates for these early, uncased releases are not yet available. µ
