Jo's iPhone, Pat's laptop: Why giving a device your name is a serious privacy risk

Protocols that leak your hostname on a network are a hidden threat to your privacy, say researchers.
Written by Liam Tung, Contributing Writer

Proud Apple owners tend to be particularly bad at giving away more identifying information in naming their device than they should.

Image: Sarah Tew/CNET

Using your first and or last name to designate your phone might seem harmless. But combined with other information, that hostname can reveal a user's identity, where they work, and potentially their social networks.

The warning comes in a new informational memo from the Internet Engineering Task Force (IETF), entitled 'Current Hostname Practice Considered Harmful', which homes in on internet protocols that leak device hostnames.

Its authors are Christian Huitema, a former Microsoft employee who helped implement MAC Address Randomization in Windows 10; Dave Thaler from Microsoft Research; and Rolf Winter, a professor at the University of Applied Sciences Augsburg in Germany.

Specifically, the memo is concerned about a variety of internet protocols, such as Multicast DNS (mDNS), that can leak hostnames. Combined with a database of network users or access to Lightweight Directory Access Protocol (LDAP) servers on a network, "the identification of the device owner can become trivial given only partial identifiers in a hostname", they write.

"The disclosure of information through hostnames creates a problem for mobile devices," they continue. "Adversaries who monitor a remote network such as a Wi-Fi hotspot can obtain the hostname through passive monitoring or active probing of a variety of internet protocols, such as DHCP or Multicast DNS.

"They can correlate the hostname with various other information extracted from traffic analysis and other information sources, and they can potentially identify the device, device properties, and its user," they say.

The memo follows a recent paper co-authored by Winter that looked at the way apps such as Dropbox, Spotify, Stea,m and BitTorrent Sync are increasingly using broadcast protocols on a local network, for example, for speedier synchronization of shared directories.

The study showed it is possible to use a combination of data to identify students on a university network, what courses they study, when they are online, and who their peers are. They noted that NetBIOS over TCP/IP and mDNS protocols are prime examples of protocols that leak hostnames.

"Protocol designers have certainly made sure that when presented with their protocol's information alone, a passive observer will not be able to make any good use of it. However, since other applications also broadcast information, these data sources can be combined to learn about devices, users and groups of users on the network," they wrote.

Key to identifying and building the social graph for network users is the finding that most people use their first and/or last names as part of their device's hostname. The data set included over 5,000 hostnames and 10,000 MAC addresses. It found 2,900 first names and 929 last names used as part of the hostname.

And since the university's Lightweight Directory Access Protocol (LDAP) server was accessible from the campus network, they were able to match records it held with the hostnames collected, and narrow potential candidates down by separating out unique names in the LDAP list.

Of 8,400 records from the LDAP server, they found 1,300 had a unique first name, while 4,564 had a unique last name.

Additionally, it found that Apple users more than others tended to add other identifying information, for example, by having names like 'iPhone von John Doe', suggesting the user is German-speaking.

The authors of the IETF memo suggest fixing the privacy risk by randomizing hostnames in a similar fashion to the way MAC randomization occurs. So, at the time a device connects to a new network, it would pick a random hostname and publicize that in leaky protocols.

"This will render monitoring and identification of users by adversaries much more difficult without preventing protocols such as DNS-SD from operating as expected," the researchers write.

"This, of course, has implications on the applications making use of such protocols, eg, when the hostname is being displayed to users of the application. They will not as easily be able to identify, eg, network shares or services based on the hostname carried in the underlying protocols."

Read more about security

Editorial standards