Feature #16180
iPhone USB tethering support
100%
Description
Hi,
Quick tests let me think that USB tethering with iPhones and Tails may not be functional.
It’s especially problematic, considering that sharing a phone connection with USB tethering can be a good workaround (*) when Wifi is not working with Tails : a lot of recent Macs seem to have the problem and their users may be more likely to own iPhones.
When you try to activate USB tethering on an iPhone, the phone prints instructions about installing iTunes on the computer. Quick research let me think that adding a few additional packages (usbmuxd, libimobiledevice) may solve the problem, in the same way that additional packages may have been necessary for MTP support.
Refs: https://wiki.debian.org/iPhone & https://wiki.archlinux.org/index.php/IPhone_tethering
(*) with limitations for the Mac spoofing feature etc :(.
Subtasks
History
#1 Updated by mercedes508 2018-12-03 14:10:05
- Status changed from New to Confirmed
#2 Updated by geb 2019-05-09 18:05:04
- Subject changed from Investigate about iPhone USB tethering support to iPhone USB tethering support
- Status changed from Confirmed to In Progress
- Target version set to Tails_3.15
Hi,
I managed to have a working connection using an iphone through USB Tethering
(debug information has been sent using whisperback)
It required :
- usbmuxd
- ipheth-utils
- libimobiledevice-utils
All of them are available with Debian and were installed via the additional software feature.
I waited for those packages to be installed, and deactivated mac spoofing feature.
After that it was only necessary to plug the iphone, activate connection sharing, and confirm the computer is trusted to access the internet.
Tested IPhone model 6s plus. Tested IOS 10.4.15 (as far as I recall ; sent the exact version number using whisperback).
Next steps :
- Test Other Iphones models / IOS versions
- Verify if deactivating mac spoofing is necessary.
Then, I’ll submit a patch to include those packages. Maybe we will want to have a security evaluation of the precise interactions they have with the iphone before including them in Tails.
It may also be worthwhile to document the use of USB tethering when Wifi is not working and its consequences (like the fact mac spoofing will not work).
I would like to try to have this feature included in 3.15.
#3 Updated by geb 2019-05-10 15:58:04
Please let me know if it would be a good idea to send more traces of working connections from other models/versions to frontdesk, or if it would just be unnecessary noise.
#4 Updated by geb 2019-06-29 13:01:08
- Target version changed from Tails_3.15 to Tails_3.16
#5 Updated by geb 2019-08-14 20:34:54
- Status changed from In Progress to Needs Validation
- Assignee deleted (geb)
- Feature Branch set to geb/tails/feature/13463-pppoe-support
- Type of work changed from Research to Code
Hi,
Please review : git.tails.boum.org:geb/tails/feature/16180-iphone-tethering-support
A working test log was sent to whisperback : 83a2c51d1fcc7fe677816d8f91971877
I’ll try to test a few different models (using both 4G & Wifi) within the next week-s.
If it would be possible to build an iso using jenkins, I can test them directly, otherwise I’ll test using persistence and additional packages as of the first test.
Please let me know if you are interested about specific tests, if I should send more logs using whisperback, etc.
@sajolida do you think it would be interesting to document the use of usb tethering when Wifi is not working ? Not only it would provide another workaround than usb adapters, but it would also allow to document security concerns that people may encounter if they try it by themselves (like the fact mac spoofing will not work, or only change the usb<>ethernet interface).
#6 Updated by geb 2019-08-14 20:38:24
- Feature Branch changed from geb/tails/feature/13463-pppoe-support to geb/tails/feature/feature/16180-iphone-tethering-support
#7 Updated by geb 2019-08-14 21:38:38
Oops, wrong branch
#8 Updated by intrigeri 2019-08-15 06:30:05
- Assignee set to intrigeri
- Target version changed from Tails_3.16 to Tails_4.0
(The topic branch is based on devel but 3.16 will be a bugfix release built from stable.)
#9 Updated by intrigeri 2019-08-15 06:39:23
- Status changed from Needs Validation to In Progress
- Assignee changed from intrigeri to geb
Hi @geb! Thanks for working on this :)
> If it would be possible to build an iso using jenkins, I can test them directly […]
I’ll happily ask Jenkins to build this branch once we’ve clarified a couple things (see below).
> it would also allow to document security concerns that people may encounter if they try it by themselves (like the fact mac spoofing will not work, or only change the usb<>ethernet interface).
Earlier you wrote “Verify if deactivating mac spoofing is necessary” as a next step. I don’t understand if you did that nor what’s the conclusion. Can you please describe what a user has to do in order to use iPhone USB tethering thanks to this branch? Do they need to disable MAC spoofing in the Greeter?
And to extend the scope of the above question a bit: on this branch, can a user configure USB tethering using GNOME / Network Manager GUI, just like Wi-Fi?
Finally, I don’t understand what you mean with “or only change the usb<>ethernet interface”. If this is important, please clarify :)
#10 Updated by intrigeri 2019-08-15 06:41:50
Note to our future selves: we removed ipheth-utils in 2014 via commit:9a4cb45509df083a2c4a18c6c07fafdb40331bff based on a misunderstanding: “the bug log indicates that this package is obsolete nowadays in a desktop environment” is not correct. Instead, https://bugs.debian.org/751218 indicates that one of the tools shipped by this package (namely: ipheth-pair) is not needed anymore. But the rest of the package is still useful.
#11 Updated by geb 2019-08-15 10:06:20
Hi,
Thanks for the reply and for your questions :)
intrigeri wrote:
> > it would also allow to document security concerns that people may encounter if they try it by themselves (like the fact mac spoofing will not work, or only change the usb<>ethernet interface).
>
> Earlier you wrote “Verify if deactivating mac spoofing is necessary” as a next step. I don’t understand if you did that nor what’s the conclusion. Can you please describe what a user has to do in order to use iPhone USB tethering thanks to this branch? Do they need to disable MAC spoofing in the Greeter?
I did test a bit quickly, mostly trying to have it working. I have to verify if it is necessary, or not.
>
> And to extend the scope of the above question a bit: on this branch, can a user configure USB tethering using GNOME / Network Manager GUI, just like Wi-Fi?
For both iphones and android, USB Tethering exposes a virtual ethernet device, which is detected and put up by Network Manager. I’ll check if Network Manager allows to configure it but I don’t expect it to allow much configuration, just like any other ethernet interface.
>
> Finally, I don’t understand what you mean with “or only change the usb<>ethernet interface”. If this is important, please clarify :)
As tethering exposes a virtual ethernet device, even if mac spoofing did work it will only change this virtual ethernet device, and would never change the phone Wifi / 4G interface.
As it may be a bit counter-intuitive, I tend to believe this is the kind of things which could be interesting to document to avoid users putting them at risk, by believing the phone Wifi/4G address will be spoofed.
It’s already possible to use USB Tethering with Android phones with the same limitations. Thus, I thought that adding the support for the second main phone vendor could be a good opportunity to document how to use it. It may be a good complement to https://tails.boum.org/support/known_issues/index.en.html#index2h1 and would allow to clarify those counter-intuitive limitations, but it’s just a suggestion :)
#12 Updated by geb 2019-08-15 10:07:02
- Assignee changed from geb to intrigeri
#13 Updated by intrigeri 2019-08-15 17:50:55
- Assignee changed from intrigeri to geb
Hi @geb!
> intrigeri wrote:
>> Earlier you wrote “Verify if deactivating mac spoofing is necessary” as a next step. I don’t understand if you did that nor what’s the conclusion. Can you please describe what a user has to do in order to use iPhone USB tethering thanks to this branch? Do they need to disable MAC spoofing in the Greeter?
> I did test a bit quickly, mostly trying to have it working. I have to verify if it is necessary, or not.
Yes, please :)
>> And to extend the scope of the above question a bit: on this branch, can a user configure USB tethering using GNOME / Network Manager GUI, just like Wi-Fi?
> For both iphones and android, USB Tethering exposes a virtual ethernet device, which is detected and put up by Network Manager. I’ll check if Network Manager allows to configure it but I don’t expect it to allow much configuration, just like any other ethernet interface.
Sorry I was unclear! My question was about “configuring” as in “do the bare minimum that’s needed to get Internet access”.
If that’s exposed as an ethernet (presumably wired?) device, I expect Tails will automatically DHCP on it and get an IP, default route, and DNS resolver, which is good enough. Correct?
>> Finally, I don’t understand what you mean with “or only change the usb<>ethernet interface”. If this is important, please clarify :)
> As tethering exposes a virtual ethernet device, even if mac spoofing did work it will only change this virtual ethernet device, and would never change the phone Wifi / 4G interface.
I see, thank you.
> As it may be a bit counter-intuitive, I tend to believe this is the kind of things which could be interesting to document to avoid users putting them at risk, by believing the phone Wifi/4G address will be spoofed.
FTR that’s also the case with some 3G/4G USB adapters (I have one that runs… Android! and acts as a DHCP router + virtual Ethernet device) and when using one’s pocket computer (aka. “smartphone”) as a Wi-Fi access point. So IMO documenting this is not a blocker for adding iPhone USB tethering support. But I’ll trust sajolida to make the right decision in this respect.
> Assignee changed from geb to intrigeri
Things have changed recently and we tend not to reassign tickets anymore merely to ask someone’s input or when answering their questions. Instead, you can use e.g. “@intrigeri” and I’ll get notified, while keeping the ticket assigned to its current owner (in this case: you, as this branch is not ready until you report about the MAC spoofing thing). Cheers!
#14 Updated by geb 2019-08-15 18:27:53
Hi ! Thanks for your replies :)
I’ll summarize the tests I made / will make in the following table :
Model | IOS | Tested with | 4G sharing | Wifi sharing | Mac spoofing deactivation needed |
---|---|---|---|---|---|
IPhone 6S | 12.1.4 | Tails 3.13.2 + Additional software feature | Ok | Not available | Yes |
IPhone 7 | 12.3.1 | Tails 3.15 + Additional software feature | Ok | Not available | Yes |
IPhone 6 | 12.4 | Tails 3.15 + Additional software feature | Ok | Not available | Yes |
#15 Updated by geb 2019-08-15 18:47:19
intrigeri wrote:
> Sorry I was unclear! My question was about “configuring” as in “do the bare minimum that’s needed to get Internet access”.
> If that’s exposed as an ethernet (presumably wired?) device, I expect Tails will automatically DHCP on it and get an IP, default route, and DNS resolver, which is good enough. Correct?
>
Yes. It just works™ :)
#16 Updated by sajolida 2019-08-22 10:58:52
I tried on Android and could get a virtual wired connection without disabling MAC spoofing in Tails Greeter.
I’ll document this in Feature #16987.
#17 Updated by sajolida 2019-08-22 10:59:21
- related to Feature #16987: Document USB tethering added
#18 Updated by intrigeri 2019-09-12 12:37:17
- Target version deleted (Tails_4.0)
Please set a target version once you’ve completed your tests and deem the branch ready for another round of review :)
#19 Updated by geb 2019-09-18 16:11:26
Hi,
Sorry for the delay. I updated the table in Feature #16180#note-14 to add other models tested (and corrected a typo in the IOS version).
So far I can confirm that :
- Iphones don’t allow Wifi sharing, only 3/4G
- Mac spoofing deactivation is necessary, otherwise spoof-mac shuts down the module :
<code class="text">
amnesia spoof-mac[2062]: macchanger failed for NIC eth1, returned 1 and said: [ERROR] Could not change MAC: interface up or insufficient permissions: Operation not supported
Current MAC: XX:XX:XX:XX:XX:XX (unknown)
Permanent MAC: XX:XX:XX:XX:XX:XX (unknown)
amnesia spoof-mac[2063]: Failed to spoof MAC address of NIC eth1. Going into panic mode.
amnesia laptop-mode[2073]: enabled, active
amnesia usbmuxd[1390]: [16:40:37.234][1] config_get_device_record: failed to read '/var/lib/lockdown/5e7412667cef2d8a29569353d4d5ea9f4636a7e3.plist': No such file or directory
amnesia kernel: usbcore: deregistering interface driver ipheth
amnesia kernel: ipheth 2-1.2:4.2: Apple iPhone USB Ethernet now disconnected
amnesia spoof-mac[2117]: Successfully unloaded module ipheth of NIC eth1.
</code>
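The failure sequence in the log above (macchanger error, panic mode, driver unload) can be picked out of a journal mechanically. The following Python sketch is an added example, not part of the original comment or of Tails; the sample log is constructed from the excerpt above and the function names are hypothetical.

```python
import re

# Constructed sample, modelled on the log excerpt in note #19.
SAMPLE_LOG = """\
amnesia spoof-mac[2062]: macchanger failed for NIC eth1, returned 1 and said: [ERROR] Could not change MAC: interface up or insufficient permissions: Operation not supported
amnesia spoof-mac[2063]: Failed to spoof MAC address of NIC eth1. Going into panic mode.
amnesia laptop-mode[2073]: enabled, active
amnesia kernel: usbcore: deregistering interface driver ipheth
amnesia kernel: ipheth 2-1.2:4.2: Apple iPhone USB Ethernet now disconnected
amnesia spoof-mac[2117]: Successfully unloaded module ipheth of NIC eth1.
"""

# Message shapes taken from the excerpt; other spoof-mac messages are ignored.
SPOOF_MAC = re.compile(r"spoof-mac\[\d+\]: (?P<msg>.*)$")
PATTERNS = {
    "macchanger_failed": re.compile(r"macchanger failed for NIC (?P<nic>\S+), returned (?P<rc>\d+) and said: (?P<why>.*)"),
    "panic": re.compile(r"Failed to spoof MAC address of NIC (?P<nic>\S+)\. Going into panic mode\."),
    "unloaded": re.compile(r"Successfully unloaded module (?P<module>\S+) of NIC (?P<nic>\S+)\."),
}

def spoof_mac_failures(log_text):
    """Return {nic: {...}} for every NIC on which spoof-mac reported a failure."""
    report = {}
    for line in log_text.splitlines():
        m = SPOOF_MAC.search(line)
        if not m:
            continue  # not a spoof-mac line (kernel, usbmuxd, laptop-mode, ...)
        for kind, pat in PATTERNS.items():
            hit = pat.match(m.group("msg"))
            if not hit:
                continue
            entry = report.setdefault(hit.group("nic"), {"reason": None, "panic": False, "unloaded_module": None})
            if kind == "macchanger_failed":
                entry["reason"] = hit.group("why")
            elif kind == "panic":
                entry["panic"] = True
            else:
                entry["unloaded_module"] = hit.group("module")
    return report

def explain(report):
    """One human-readable line per NIC whose driver was unloaded after a panic."""
    return [f"{nic}: MAC spoofing failed, module {e['unloaded_module']} unloaded; "
            "the interface stays down unless MAC spoofing is disabled"
            for nic, e in sorted(report.items()) if e["panic"] and e["unloaded_module"]]

if __name__ == "__main__":
    print("\n".join(explain(spoof_mac_failures(SAMPLE_LOG))))
```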
#20 Updated by geb 2019-09-18 16:23:11
For the record, mac spoofing works fine with Android (even if it doesn’t have any real sense), that’s why it doesn’t need to be deactivated, at least in the model I tried
#21 Updated by intrigeri 2019-09-19 08:36:21
- Feature Branch changed from geb/tails/feature/feature/16180-iphone-tethering-support to geb:feature/feature/16180-iphone-tethering-support
#22 Updated by intrigeri 2019-09-19 08:36:34
- Feature Branch changed from geb:feature/feature/16180-iphone-tethering-support to geb:feature/16180-iphone-tethering-support
#23 Updated by intrigeri 2019-09-19 08:37:23
- Status changed from In Progress to Resolved
- % Done changed from 0 to 100
Applied in changeset commit:tails|71b9fddeb7c7cc65e63256d5b522d8a606ab6dea.
#24 Updated by intrigeri 2019-09-19 08:38:37
- Target version set to Tails_4.0
Thanks, merged into devel, will be in 4.0!
#25 Updated by intrigeri 2019-09-19 10:10:59
- Status changed from Resolved to In Progress
- Assignee changed from geb to intrigeri
- % Done changed from 100 to 80
I had to revert this because it makes our devel branch FTBFS. Sorry I did not try building before merging! I’ll fix that FTBFS.
#26 Updated by intrigeri 2019-09-19 11:13:15
- Status changed from In Progress to Resolved
- % Done changed from 80 to 100
Applied in changeset commit:tails|988988188874d26c70aa2f2bbee298bef7106893.