

How AT&T Recognizes Unauthorized Tethering from Jailbroken iPhones  - dmpatierno
http://www.iphonedownloadblog.com/2011/05/08/how-att-recognizes-unauthorized-tethering-from-jailbroken-iphones/

======
runjake
Last week at a conference, I spoke briefly to an engineer from one of the
two large US telcos on this issue. He indicated they utilized a variety of
methods, including fingerprinting of the IP/TCP headers and protocol
analysis, to help identify traffic. Specifically, I heard TTL mentioned, as
well. He might be a user here.

There are more knowledgeable people than you working on the issue. That said,
I haven't gotten an evil text from using PDAnet, yet. Then again, I don't
tether that much and when I do it's not a lot of data.

~~~
Niten
If you want to be safe, run a VPN on the phone and route all your traffic,
tethered or not, through that.

------
ajg1977
Note: TetherMe (native tethering on jailbroken iPhones) sends all tethered
data through the same APN as mobile data by default so users won't fall foul
of the APN detection method mentioned here.

Of course that wouldn't stop AT&T & Co sniffing browser strings of high data
users, but that's a more complicated system to implement.

~~~
eli
Or just assume that high data users are all tethering.

------
pieter
I'd like to see a proper source of this (other than Android Police / iPhone
Download Blog). I have used MyWi without having any special settings for
tethering (my provider doesn't supply those), and it worked just fine; it
would be a bit silly to go through the trouble of setting up a hotspot and
making sure you're actively routing the data to the 'wrong' APN.

(Note that iPhone Download Blog is the one calling MyWi by name)

Also, if this is the case, wouldn't it be easier for AT&T to just disable the
tethering APN for you if you don't have the tethering option? That would seem
to be much more effective.

~~~
delinka
Every good dealer knows that you don't cut off your customers' supply. You
"work with" them, you send someone to break their legs for not paying, but you
never cut them off.

Seriously, wouldn't it always have been easier just to cut customers off to
prevent things like astronomical texting overages? That would interfere with
that beautiful revenue stream.

~~~
gcb
I think everyone here is only worried about the breaking of legs anyway.

------
dude_abides
A couple of years back, federal regulators (thanks to the efforts of EFF)
declared that jailbreaking an iPhone is not illegal. Since then, Apple has
stopped threatening users with jailbroken iPhones, and also, finding and
patching new vulnerabilities that allow jailbreaking has become a moot point.

In the same vein, has there ever been a verdict on the legality of unofficial
(MyWi-like) tethering?

~~~
jhc
There's a huge difference between jailbreaking an iPhone, which the EFF
established doesn't (necessarily) violate the DMCA, and breaking your contract
by using services from AT&T that you're not paying for. The first means using
something you bought and paid for in a way the manufacturer doesn't want you
to. The second means using a service that the provider charges for, but you're
not paying for. The law is never going to protect the second one.

To start with, tethering without paying for it is definitely a contract
violation, and AT&T could cut off your service, retroactively charge you for
it, or do whatever else (within reason) the contract provides for. There is
little or no legal ambiguity about this. You are getting a service for free
from AT&T that other people are charged for, so you're breaking your deal with
them and owe them damages.

The (slightly) more interesting legal question might be whether AT&T could ask
a prosecutor to bring criminal charges. My uninformed guess is they could,
based on something like "theft of services." If I charged $20 a month for you
to come fill up a one-gallon bucket any time you wanted from my well, and
instead of a bucket you filled up a tanker truck, it would be theft plain and
simple, because you'd knowingly be taking something from me without my
permission.

(Actually I hate physical metaphors for computer stuff, because they usually
distract more than help if you're talking with reasonably technical people. So
let's not get sidetracked with questions like, "what if I filled up the tanker
truck _with the bucket?_" [Unless you happen to enjoy pointless arguments as
much as I do, in which case go for it.] The point is that the contract permits
you to access AT&T's network in certain ways for a certain price, and you're
accessing it in different ways without paying the different price, and the
law's not too likely to be on your side for that one.)

This is all probably hypothetical, though. AT&T wouldn't bother to bring an
expensive lawsuit or risk negative publicity from criminal charges, when they
can (perfectly legitimately) charge you extra under the terms of your contract
and dare you to fight it.

IAAL, in case that changes your assessment of a random person's opinions on
the internet.

~~~
jordanb
Tethering isn't a service though. The service is the data transfer. Tethering
is a feature of the phone (which you own, especially if out of contract).

Here's a metaphor: Imagine if the water company charged you per gallon for
water you used, but then added an additional charge for having a shower. Since
you own plumbing fixtures to which the shower connects, and pay for every
gallon, we would consider it unfair for the water company to charge extra for
an "authorized" shower.

As far as theft of service, what on earth have you stolen? You pay for the
data you transfer. Tethering is simply an "unauthorized" (by the vendor) use
of that data.

~~~
lutorm
However, the water company will most definitely come looking for you if you
start selling water to the neighboring town that has higher water prices,
since then you are profiting from your subsidized water.

The real problem is that somehow the wireless companies, unlike residential
ISPs, have gotten away with not being labeled as pure data transfer companies.
It _should_ be none of their business what data you send, but unfortunately
that's not (legally) the case.

~~~
dclowd9901
The dumb pipe argument has been around for a couple years now. These companies
(cable, satellite, telecom) absolutely _do not_ want to become utilities. It
limits their control over their product, and cuts off several high-yield
revenue streams.

If they were regulated like a utility (water or electricity, for instance),
you would see any and all arbitrary surcharges disappear, and these happen to
be the biggest cash cows for these companies.

------
Osiris
Does anyone know if tethering can be detected on Android phones? I'm curious
what other providers do to try to detect tethering on Android phones.

~~~
kevko
I wrote a non-root tethering app, so I might have a bit of tunnel vision.

First, any good tethering app should be immune to a simple TTL check. The most
likely culprits are instead application traffic patterns. The following
immediately come to mind:

- Browser user agents

- Automatic status checks under both OS X and Windows

- Application behavior:

  * Netflix and Hulu on Android isn't supposed to happen.

  * Browsers like Chrome are very aggressive and can open dozens of simultaneous TCP connections. DNS prefetching can also generate dozens of requests over UDP in a very short time window.

~~~
Osiris
Can you avoid these issues by establishing an SSH or VPN tunnel through the
3G/4G connection?

~~~
kevko
Yep. Any non-root tethering app should just show the encrypted tunnel as a
connection originating from the device itself. Just make sure that DNS
requests don't leak when using an SSH tunnel. In fact, a simple port-
forwarding app is all that's really necessary for most tunnel cases.

All of this makes a $6-$8/mo SSH/VPN privacy service (e.g., cotse.net) rather
intriguing.

~~~
rasengan
Most properly configured VPN service providers will reroute any DNS request
traffic to their private NS servers (e.g., privateinternetaccess.com).

Another thing I'd like to mention is MPPE is not functioning in most Android
builds, so don't rely on PPTP based VPNs on your phone - encryption won't
work! Make sure your VPN service provider has IPSec/L2TP tunneling available.

Obviously root users should opt for OpenVPN. (e.g., cyanogenmod 7+)

------
amorphid
I tested my Verizon HTC Thunderbolt 4G's download speeds today. I got over 7
megabits per second down. It also got 4 megabits up!

------
phonehome
They'll find other ways, i.e. looking at the UserAgent in any unsecured HTTP
request would signal tethering.

~~~
xorglorb
Not really. You could always write a browser app for iOS or Android that uses
Firefox or Chrome's user agent to have servers return the full desktop
version.

~~~
phonehome
If I was AT&T looking for unauthorized tethering folk, I'd focus on the people
that are using > 2 GB a month + other various heuristics. Something def
smells funny if someone is using substantial bandwidth and much of the traffic
is with a UserAgent like Firefox or Chrome.
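
The signals raised in this thread (usage above 2 GB a month, desktop browser User-Agents, varying TTL values) combined into one scoring pass, as an added example that is not part of any comment here and not any carrier's actual system. The record layout, the 0.5 share cut-off and every sample record are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

DESKTOP_UA = re.compile(r"Windows NT|Macintosh|X11; Linux")
MOBILE_UA = re.compile(r"iPhone|iPad|Android|Mobile")
USAGE_THRESHOLD = 2 * 10**9   # "> 2 GB a month", taken from the thread
DESKTOP_SHARE = 0.5           # assumed cut-off for "much of the traffic"

# Constructed records: (subscriber, IP TTL at carrier edge, User-Agent or None, bytes)
SAMPLE = [
    ("sub-A", 64, "Mozilla/5.0 (iPhone; CPU iPhone OS 4_3 like Mac OS X) Mobile/8F190", 300_000_000),
    ("sub-B", 63, "Mozilla/5.0 (Windows NT 6.1; rv:2.0) Gecko/20100101 Firefox/4.0", 2_500_000_000),
    ("sub-B", 64, "Mozilla/5.0 (iPhone; CPU iPhone OS 4_3 like Mac OS X) Mobile/8F190", 200_000_000),
    ("sub-C", 64, None, 3_000_000_000),   # no cleartext HTTP visible
    ("sub-D", 64, "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_6_7) Chrome/11.0.696.65", 50_000_000),
]

def is_desktop_ua(ua):
    """True for a User-Agent that names a desktop OS and no mobile platform."""
    return bool(ua and DESKTOP_UA.search(ua) and not MOBILE_UA.search(ua))

def tethering_signals(records):
    """Aggregate per subscriber and return {subscriber: [signal names]}."""
    total, desktop, ttls = defaultdict(int), defaultdict(int), defaultdict(set)
    for sub, ttl, ua, nbytes in records:
        total[sub] += nbytes
        ttls[sub].add(ttl)
        if is_desktop_ua(ua):
            desktop[sub] += nbytes
    result = {}
    for sub, used in total.items():
        signals = []
        if used > USAGE_THRESHOLD:
            signals.append("high_usage")
        if used and desktop[sub] / used > DESKTOP_SHARE:
            signals.append("desktop_user_agent")
        if len(ttls[sub]) > 1:
            signals.append("varying_ttl")
        result[sub] = signals
    return result

def likely_tethering(records):
    """Flag only subscribers where volume and desktop traffic coincide."""
    return sorted(s for s, sig in tethering_signals(records).items()
                  if {"high_usage", "desktop_user_agent"} <= set(sig))

if __name__ == "__main__":
    for sub, sig in tethering_signals(SAMPLE).items():
        print(sub, sig)
    print("flagged:", likely_tethering(SAMPLE))
```

In the constructed data, sub-D (desktop User-Agent at low volume) and sub-C (high volume with no visible User-Agent) each trip a single signal, so the combined rule flags only sub-B.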

------
conradev
I heard they checked for varying TTL values?

~~~
kevko
TTLs should not affect PdaNet if it is written like any of the other non-root
tethering apps. Mac and Windows update pings are probably a good indicator,
however.

------
gcb
Does anyone actually know what the old unlimited contract says about this?

