FORUMS

Wi-Fi Enabled on the LG G Watch R

XDA Recognized Developer Tasssadar managed to enable Wi-Fi connectivity on the LG G Watch R. … more

XDA Picks: Best Apps of the Week (May 15 – 30)

Apps are at the front and center of any smartphone experience, and with over a … more

Google No Longer Sending Calendar SMS Notifications

In a not entirely surprising move, Google announced that it’s putting an … more

Enable Multi-Window Mode on M Developer Preview

What was not mentioned in yeterday’s keynote was Android M’s multi-window … more

About VZW Remote Diagnostics/AetherPal

Thanks Meter: 49
 
By substanceD, Member on 25th March 2012, 10:42 AM
Post Reply Subscribe to Thread Email Thread
I've been doing some research into Verizon's new remote diagnostic app, so I'll share my findings here. The app in question is Aetherpal.apk, which is located in /system/app/ in the FP1 update for the Droid Charge. When the phone boots up, this app establishes a connection with AetherPal's server to establish a secure session, and though it's hard to tell exactly how this happens by reading the smali code, it appears to use a combination of AES (symmetric encryption) and cipher block chaining (each section of the message is passed through a block cipher) for encryption.

After establishing a session, the app idles until it receives either a special SMS message or a packet over HTTPS, which can instruct it perform a variety of functions. I'm still investigating what these are, but some of the status codes are for starting streaming, pausing streaming, and initiating remote control. The application logs the actions taken in the course of the session, and there is some sort of a user interface that shows the user what the remote operator is currently doing with the phone in real-time. The log is sent back to Verizon's AetherPal service running on AetherPal's servers, where presumably Verizon representatives can access it.

Here is a nice diagram that AetherPal has made concerning their service: http://aetherpal.com/architecture.html.

Well, that's it for now, but I'm going to continue investigating in more detail. In particular, I'm interested in how exactly the handshake happens during initialization, what information is logged (anything potentially sensitive?), and how much control remote operators have over the device. It would be good to confirm that some action is needed on the user's part to allow a remote operator to start controlling the device.
The Following 3 Users Say Thank You to substanceD For This Useful Post: [ View ]
 
 
25th March 2012, 01:22 PM |#2  
davwman's Avatar
Senior Member
Flag Centereach
Thanks Meter: 738
 
More
I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stufff with titanium. Wonder if that has anything to do with it.
10th January 2013, 11:04 AM |#3  
Junior Member
Thanks Meter: 0
 
More
Quote:
Originally Posted by davwman

I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stufff with titanium. Wonder if that has anything to do with it.

More info on Aetherpal:

www dot google dot com slash patents slash US20120254762

www dot w2bi dot com

aetherpal dot com

Strings from Aetherpal.apk :

Does verizon actually use this to help customers?
Attached Files
File Type: txt Aetherpal.txt - [Click for QR Code] (173.5 KB, 127 views)
10th January 2013, 11:35 PM |#4  
Antoneus1231's Avatar
Senior Member
Thanks Meter: 71
 
More
Thanks for bringing this to our attention. I hope your findings can tell us if vzw can tell if we are rooted through this "feature". It could possibly void a bunch of warranties.

However, if a device is stolen then I can see some benefits to it.

. :: TSM Tweaked 3.2 . EXT4 . Lazarus 1225 . ADW EX . Vanilla Bean :: .
11th January 2013, 10:01 PM |#5  
Junior Member
Thanks Meter: 0
 
More
Quote:
Originally Posted by davwman

I don't have anything with aetherpal anywhere. I also deleted all the remote diagnostic stufff with titanium. Wonder if that has anything to do with it.

Quote:
Originally Posted by Antoneus1231

Thanks for bringing this to our attention. I hope your findings can tell us if vzw can tell if we are rooted through this "feature". It could possibly void a bunch of warranties.

However, if a device is stolen then I can see some benefits to it.

. :: TSM Tweaked 3.2 . EXT4 . Lazarus 1225 . ADW EX . Vanilla Bean :: .

lines 3436-3437:

'VZW_DEVICE_NOT_ROOTED',
'VZW_DEVICE_ROOTED'
12th January 2013, 02:13 AM |#6  
Antoneus1231's Avatar
Senior Member
Thanks Meter: 71
 
More
Oh shoot. That isn't good is it...

Is that something that is transferred as it establishes a connection as you described or just a command that is available?

Can this be resolved by hiding root w an app?

. :: TSM Tweaked 3.2 . EXT4 . Lazarus 1225 . ADW EX . Vanilla Bean :: .
Last edited by Antoneus1231; 12th January 2013 at 02:17 AM.
12th January 2013, 04:42 AM |#7  
shrike1978's Avatar
Senior Member
Flag Atlanta, GA
Thanks Meter: 3,095
 
Donate to Me
More
I have had the automated system ask me for permission to allow a technician to remotely connected to my phone when I've called in a few times and denied it, and they never said another word about it once they were on the phone. My assumption is that there are some pretty strict privacy policies in place for it after all the fallout from the keylogger that other providers had been using.

To put it all in perspective though, I sent a Rezound in for a warranty exchange that was S-OFF and running CM9 and they never said a word about it.
The Following User Says Thank You to shrike1978 For This Useful Post: [ View ]
15th January 2013, 04:39 AM |#8  
THEbigSWEEN's Avatar
Senior Member
Thanks Meter: 308
 
More
Quote:
Originally Posted by shrike1978

I have had the automated system ask me for permission to allow a technician to remotely connected to my phone when I've called in a few times and denied it, and they never said another word about it once they were on the phone. My assumption is that there are some pretty strict privacy policies in place for it after all the fallout from the keylogger that other providers had been using.

To put it all in perspective though, I sent a Rezound in for a warranty exchange that was S-OFF and running CM9 and they never said a word about it.

Was that a Verizon, manufacturer, or third party warranty? Because I've heard of people sending their phones in to Samsung and having it rooted with no issues but if it's a warranty or repair through Verizon then they will cry voided warranty. Big surprise there. Luckily I've yet to have to send a phone in :knock on wood: and I froze sysscope with TiBu on my Charge just in case.

Side note: warranty is one of those words that the more you say it, the more it doesn't sound right
15th January 2013, 04:27 PM |#9  
shrike1978's Avatar
Senior Member
Flag Atlanta, GA
Thanks Meter: 3,095
 
Donate to Me
More
Straight through Verizon. I have the extra insurance, but I've never used it. I did replace my Charge twice and I've had to replace my Rezound three times. All of it from hardware issues, and most of it from poor QA on Verizons CLNR program.
Post Reply Subscribe to Thread
Previous Thread Next Thread
Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes