apport's log collecting leaks MAC addresses maybe helping WiFi attacks?
Affects | Status | Importance | Assigned to | Milestone
---|---|---|---|---
apport (Ubuntu) | Confirmed | Undecided | Unassigned |
Bug Description
Some people configure their Internet WiFi modems such that
only certain devices, defined by their MAC addresses, can
(try to?) connect. I am aware this is VERY WEAK "security"
since MAC addresses are easily spoofed.
It occurs to me that the logs collected by apport-cli(1)
and friends, when reporting a bug, contain the system's
MAC addresses. Those logs are normally publicly readable
by anyone browsing Launchpad. That means villains could
reap (collect) MAC addresses to spoof and try to obtain an
unintended WiFi connection. (Isn't necessarily easy since
the attacker would have(?) to be within range of the modem
to try?)
I am NOT saying this has happened — I have no idea.
I just wanted to bring this hypothetical(?) problem/attack
to your attention.
ProblemType: Bug
DistroRelease: Ubuntu 20.04
Package: apport 2.20.11-
ProcVersionSign
Uname: Linux 5.4.0-53-generic x86_64
ApportLog:
ApportVersion: 2.20.11-
Architecture: amd64
CasperMD5CheckR
CrashReports:
664:1000:
600:118:
640:1000:
Date: Fri Nov 13 03:03:36 2020
InstallationDate: Installed on 2020-10-19 (24 days ago)
InstallationMedia: Kubuntu 20.04 LTS "Focal Fossa" - Release amd64 (20200423)
PackageArchitec
SourcePackage: apport
UpgradeStatus: No upgrade log present (probably fresh install)
information type: Private Security → Public Security
Changed in apport (Ubuntu):
status: New → Confirmed
Hi,
Thanks for reporting this issue. I'm not sure logs would be as helpful once we remove MAC addresses though, and the user is prompted when Apport pops up whether the information can be sent or not.
Can I make this bug public so that the Apport developers can see it?
It may also be a dupe of bug #1440818.
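An added illustration, not code from apport or from anyone in this thread: one way to keep collected logs useful while not publishing hardware addresses is to replace each MAC with a per-report keyed pseudonym, so the same interface can still be followed through the log. The function name `scrub_macs`, the `<mac:…>` token format and the sample log lines are all constructed for this example.

```python
import hashlib
import hmac
import re
import secrets

_HEX = "[0-9A-Fa-f]"
# Exactly six octets with one consistent separator, and not a slice of a
# longer octet run (e.g. a colon-separated key fingerprint).
MAC_RE = re.compile(
    rf"(?<!{_HEX})(?<!{_HEX}{{2}}[:-])"
    rf"{_HEX}{{2}}([:-])(?:{_HEX}{{2}}\1){{4}}{_HEX}{{2}}"
    rf"(?!{_HEX})(?![:-]{_HEX}{{2}})"
)

def scrub_macs(text, key=None):
    """Return (scrubbed_text, number_of_distinct_macs_replaced).

    Each MAC becomes <mac:XXXXXXXX>, an HMAC-SHA256 tag under a random
    per-report key. A plain hash would not do: with a known vendor prefix
    only 24 bits remain, which is trivial to brute-force. The key is
    discarded after the report is scrubbed.
    """
    key = key or secrets.token_bytes(32)
    seen = {}

    def repl(match):
        canon = re.sub(r"[:-]", "", match.group(0)).lower()
        if canon in ("ffffffffffff", "000000000000"):
            return match.group(0)  # broadcast/null address identifies nobody
        tag = hmac.new(key, canon.encode(), hashlib.sha256).hexdigest()[:8]
        seen[canon] = tag
        return f"<mac:{tag}>"

    return MAC_RE.sub(repl, text), len(seen)

# Constructed sample input (locally administered address, not a real device).
SAMPLE = """\
wlp2s0: link becomes ready, address 02:ab:cd:12:34:56
NetworkManager: <info> device (wlp2s0): hw addr 02-AB-CD-12-34-56
arp who-has 192.168.1.1 tell ff:ff:ff:ff:ff:ff
Date: Fri Nov 13 03:03:36 2020
ssh fingerprint 16:27:ac:a5:76:28:2d:36:63:1b:56:4d:eb:df:a6:48
"""

if __name__ == "__main__":
    scrubbed, count = scrub_macs(SAMPLE)
    print(scrubbed)
    print(f"{count} distinct MAC address(es) pseudonymized")
```

Both spellings of the sample address map to the same token, while the timestamp, the broadcast address and the 16-octet fingerprint are left untouched.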