I wrote this after a bad week at a previous job trying to get an Android device to work with a CDC Ethernet adapter.
Since writing this, a couple people have let me know that there is a particular bit in the MAC address, that if flipped, will cause the kernel to assign an `ethX` name instead of `usbX` name. I haven't tried it myself or updated the post with that information because I moved on to a different job, and Android devices are no longer a large part of my life.
Of course, that only helps if you have a CDC device where you're in control of the MAC address (i.e. maybe another Linux device pretending to be a CDC adapter)
rcxdude · 5h ago
This might actually help me out! Did you find what bit it is?
It was later reverted[1] because "there are devices in the field using usbX interfaces for tethering". Shortly after that, it got re-landed but only supported Android V+[2]
It’s not really obfuscation. It goes back to when Android OS’s used to be named after desserts. While in development they would be referred to just by the letter as the dessert name wasn’t usually finalized
throwaway314155 · 1h ago
It's not deliberate obfuscation. But the end result is still obfuscated.
fc417fc802 · 2h ago
I have the same thought every time marketing at a major OEM changes a systematic naming scheme.
franga2000 · 6h ago
Looking at the LineageOS commit history, it seems seems this has been fixed [0], reverted [1] due to compatibility issues, then unreverted again [2] but only for the latest Android versions. If I'm reading the commits right, someone at Google was involved, so this might be in the official Google build now.
There is no way to work around this, short of rooting the phone to change the value of config_ethernet_iface_regex.
Another reason why having root is important on a device that you own.
bigyabai · 6h ago
Being able to arbitrarily redirect networking traffic is perhaps the single greatest reason to not have superuser privs in userland. I support anybody that wants to pressure OEMs into allowing bootloader unlocks, but I also can't name a use for root that justifies the insanely expanded surface area for attackers, at least on Android.
Zak · 6h ago
Do you believe the same thing about desktop PCs?
bigyabai · 6h ago
Yes? I don't use a single computer I own as root.
Zak · 5h ago
Few people do; "don't use root as your primary login" has been standard advice for decades. Do you ever use sudo or equivalent?
beeflet · 5h ago
I've used sudo before, but I find that it is really difficult to type with the safety gloves on because I keep fatfingering the password and locking myself out.
My family recently got me a new computer setup that won't require sudo and other practices considered harmful. It even does shapes, colors, and animal sounds, which is good enough for my use case.
zoky · 5h ago
Oh wow, you got on the Windows 12 Preview somehow?
Wowfunhappy · 4h ago
...you're clearly being sarcastic but I don't get the joke.
It feels ontologically wrong to me to constantly beg my own computer for permissions to do things. I always use root on Linux, and my Gentoo machines don't even have a non-root account. (I get great satisfaction from compiling VLC to let me run it as root as well as patching Dolphin and other apps to not complain about it.) On Windows I always use an admin account and disable all UAC prompts. I've managed to have no incidents since I started this policy a decade ago by simply not downloading malware or using 123 as my password on an open SSH port. Go figure.
smt88 · 2h ago
So you don't understand why seatbelts were invented and your evidence that they're unnecessary is that you personally haven't gotten into a car accident.
"Not downloading malware" is everyone's default stance, but no one can identify all of it.
And that's only a single vector out of many. Security flaws exist in even the best operating systems that make you vulnerable even when doing everything "right" (which you emphatically are not).
diogocp · 28m ago
There's a difference between choosing to wear a seatbelt and being chained to the seat by the car manufacturer, who then refuses to release you "for your own safety".
josephg · 1h ago
My problem with this argument is that my user data is by far the most valuable thing on my computer. Almost nothing that gets protected by “root” really matters much. What I really want is a way to protect all my user data from rogue programs, but I have no way to do that on modern computers. Any program I run with my regular user account can steal or delete all of my data already. When my data is so trivially at risk, who cares if a bad program can also wipe my OS or something? I can reinstall Linux. I can’t get my data back if someone steals it.
jimmaswell · 1h ago
I wear seatbelts (but I'm proud of my state for being the only one not to force adults to) because a car crash is much more likely than being victim to a zero-day vulnerability.
1231232131231 · 3h ago
Every person I know who uses a Windows computer uses an account with Administrator privileges on their own computer.
baby_souffle · 3h ago
I think that's just legacy holdover largely mitigated by some of the user account access control stuff introduced with Vista. Also, administrator isn't the same as root. That would be more like system level access which is not the default level for Windows accounts.
fc417fc802 · 1h ago
Administrator on windows has been severely restricted since at least the debut of windows 7 if not earlier.
gsich · 3h ago
That wasn't the question.
userbinator · 6h ago
The corporate FUD has gotten strong enough that people are getting scared of freedom. That should disturb you more than any perceived paranoia about "attackers".
stavros · 5h ago
Seriously, people are acting like the "do you want to give this application elevated privileges" popup is some arcane magick that we as a race can never hope to possess.
EvanAnderson · 4h ago
While I agree with you, without using a more granular permission paradigm I get more than a little antsy giving third-party software arbitrary access to even my standard user's privileges on Windows.
I've been using a dedicated computer for banking / finance work for a few years now. I also run some software that I consider less trustworthy on my "daily driver" Windows PC as a dedicated user, separate from my "daily driver" account.
I really need to make the jump to Qubes. I've been meaning to for years. The learning curve for their contrivances seems steep and I'm lazy.
stavros · 3h ago
Oh yeah, definitely, but mobile OSes do this fairly well. Windows just asks if you want to give access to everything or not, of course you're always going to click yes, especially if the program doesn't work without it.
dwattttt · 1h ago
There's plenty of actually granular permissions; they're just not used by anyone.
How many people on Windows create separate user accounts, run programs as those accounts (hello runas), & set ACLs?
ben0x539 · 2h ago
Five minutes after this popup exists, you won't be able to run any of the big "can't participate in your social life without these" apps anymore without granting them those elevated privileges.
stavros · 2h ago
I'm in the EU, that doesn't fly here.
bigyabai · 5h ago
That really should not surprise people when their smartphone has been telling them it is the wrong design pattern for over a decade.
Point the finger at whoever you want. If you need to find who broke the bicycle for the mind, I think most of us know who's responsible.
stavros · 5h ago
I'm not sure what you mean, I find smartphones' "do you want to allow this application access to X?" a pretty understandable and secure pattern.
lucasban · 4h ago
Most users have no interest in developing the skills to handle that level of freedom responsibly. I think it should be an option, but it is unfair to say this is only corporate FUD.
lurking_swe · 4h ago
agreed.
for the vast majority of consumers and employees this is like using a bazooka to kill a mosquito. Unnecessary and dangerous. But for some EXPERTS (IT/Tech professionals) and hobbyists, it’s crucial to their workflow.
Having the _option_ is a must.
sroussey · 3h ago
Agree, but how it is enabled is important.
The same popup that asks for microphone access but now says the word root in its place, and a consumer is like “not sure what root is, maybe they meant toot!”
And then their whole machine is compromised.
ruszki · 23m ago
The problem is that the bar needs to be moved higher and higher, to a level nowadays which would be annoying to most of us who know what they are doing.
20 years ago if I started to list ip addresses to my ISP on the phone I got somebody technical immediately. This doesn’t work anymore, because people know more about this. This caused that for example I could only turn WiFi on or off on my ISP’s router and nothing else without a specific request to them, a manual restart to my router days later, and I need to use a terrible buggy software.
These kind of things unfortunately also restrict beginners, or people who without such barriers would start to tinker, and eventually learn to do these safely. Even I waited for weeks with the call, who have been configuring routers for 25 years.
I’m installing now a self hosted OwnTracks on docker. A lot of beginner started to do the same. They make rookie mistakes all the time. Let them make those mistakes.
I would have never learned what I know without the freedom of making mistakes.
spaqin · 1h ago
Ever since I remember if you wanted root on Android, you had to go out your way by flashing SuperSU, then Magisk or KernelSU; most users don't ever use that. Even more so, with few recent solutions like KernelSU or some Magisk forks you have to go out of your way again to whitelist the app before it can even ask for root - mostly for avoiding detection, but that does act as an extra layer of security.
I'm not too worried about security for normal users if we kept it that way. I just want not to have any extra roadblocks for the powerusers from the banks, Authy or McDonald's.
lurking_swe · 3h ago
often times we’re lucky if a user reads those popups at all. :)
rcxdude · 5h ago
It also, very annoyingly, can't connect to multiple networks at once. e.g. connecting to a wifi network which doesn't have internet access (and doesn't even advertise a default route) and a cell phone network at the same time. Linux can do it, Windows can do it, Android stubbornly refuses (and indeed many variants will refuse to stay connected to a wifi network without internet, if not just make you jump through confusing hoops). There are some APIs which mean that if you write an app, you can do it just in the app, but there's no way as a user to get it to do so.
OptionOfT · 5h ago
Same with iOS. When I connect to my dashcam to download some videos I get a pop-up after a while that is like: "No internet detected, switch to cellular?" I tap remain connected. No option to disable that.
And even though I wanted to stay connected, iOS decides it knows better and reconnects to my Carplay network.
Aurornis · 3h ago
This actually works fine on iOS when the app is implemented properly. I have multiple devices where I do this without issue.
I’m guessing your dash cam app is not implemented correctly.
raron · 3h ago
As far as I remember this have a solution for both Android and iPhone. Probably your dashcam just doesn't implemented them right.
This is incredibly annoying. If my internet goes down I'm unable to diagnose it from my phone because it won't stay connected to the WiFi that doesn't have internet. DNS is also messed up on Android, it refuses to use the Dhcp supplied dns without having to set multiple options and even then some internal dns refuses to resolve.
spaqin · 1h ago
It's even more annoying when you go to mainland China with your western Android phone. They determine internet connection by trying to connect to Google services. If you connect to a local WiFi, of course it won't go through the Great Firewall, and every single time will prompt you asking if you want to keep the internet-less connection.
kimixa · 3h ago
Also check for firmware requirements - some devices enumerate but fail on ifup without firmware available. The android UI naturally can't cope with this, only dmesg tells you what's going on. Though not sure if CDC devices require this? Though a lot of adapters are (were?) based on Realtek or Kawasaki chips that did.
I guess this android change is relatively recent though, as we regularly used USB network dongles on our debug devices (that used 100% "Vanilla" AOSP). Or perhaps a kernel change, or a quirk of the CDC driver to name the device usb*? You just had to be careful which chipset the dongle used and ensure it didn't need any firmware.
hypercube33 · 6h ago
Thats super weird. I have like 15 USB ethernet adapters and all of them work just fine. I'm pretty sure they are a few different chipsets from Realtek and AXIS or something like that, too. If you get ones that dont need drivers on linux you're good to go with pretty much any OS and BIOS
Yeah I came to say ethernet adapter on my thunderbolt/usb dock works just fine on my on my pixel 5 and pixel 9 phones
Zak · 5h ago
A related thing that used to annoy me is that vanilla Android wouldn't connect to ad-hoc WiFi networks. Third-party ROMs usually would, so it wasn't due to a hard problem.
The bug report had a two-digit number and Google steadfastly refused to fix it for years. I haven't seen an ad-hoc network in a long time, but they were common when Android was young.
tripdout · 7h ago
cs.android.com is a simpler alternative than downloading the whole 100+ Gb source.
MBCook · 7h ago
The article says that iOS doesn’t support CDC Ethernet adapters. But I’ve plugged just standard USB ethernet adapters into my phone and had them work.
Does iOS communicate with them using some other standard?
robingchan · 6h ago
yes - ASIX / realtek chipsets are whats in your generic dongle, the drivers for which are bundled in iOS. CDC ECM is not supported.
I found this out when using CAN bus to ethernet on iPhone
brigade · 5h ago
macOS definitely does not ship drivers for Realtek’s vendor protocol, and only supports them via ECM/NCM. Are you claiming iOS is the exact opposite?
kccqzy · 3h ago
Well macOS ships with something called AppleUSBRealtek8153Patcher (aka com.apple.driver.usb.realtek8153patcher). I'm not sure if this uses proprietary Realtek protocols, but it's pretty well known that this patcher does not work reliably on macOS. These days I only use Realtek 8156 on macOS (which uses NCM). And I just tested the 8156 on iOS; in fact this comment is transmitted by iOS to HN via a 8156 dongle.
ahepp · 2h ago
I'm working on an embedded system right now that has two CDC ethernet devices. One shows up as ethX and the other shows up as usbX. Maybe it's because one is CDC EEM and the other is CDC ECM? But I don't think this is generally true for all CDC ethernet.
Why is this buried almost at the end of the article? Why even mention it at that point?
andix · 5h ago
Rule of thumb: Explain every abbreviation the first time it is used in an article or a meeting. Only really obvious things like USB or HTTP can be skipped.
stavros · 5h ago
Thank you, I decided to say "fuck it" and read the entire article mentally expanding it into "center for disease control devices", and I have no regrets.
kps · 4h ago
I doesn't surprise me that Android doesn't support any Ethernet hardware made by Control Data Corporation.
MBCook · 16m ago
This was the name I had been reading until the post explained it as well.
secondcoming · 6h ago
The Android code also allowed for 'test interfaces'. I wonder why the author didn't go down that path.
The Android revert message is also interesting:
there are devices in the field using usbX interfaces for tethering
What's the problem with this?
jeroenhd · 5h ago
From what I can tell, the code that the patch covered is responsible for configuring the network interface as a client.
If another system on the phone brings up the interface as a host device to tether internet to a second device, you end up with the phone trying to configure the interface both as a router and as a client.
rcxdude · 5h ago
This. In general interface names are arbitrary and not a good way to determine anything about what it's connected to, but the usb vs eth distinction is particularly bad, because linux will use either for either 'end' of a link.
throwaway314155 · 1h ago
Truly curious to why this is the top article when even the author admits it's no longer accurate. Slow news day I guess.
ck2 · 6h ago
My tablet with lineageOS works with very few select usb-ethernet adapters (ASIX AX88179 chipset)
But since it doesn't support charging while in OTG host mode, it cannot stay plugged into the adapter for long (old battery)
Some newer devices like Samsung support ACA OTG (Accessory charging adaptor)) with charging while powering the adapter
myself248 · 5h ago
Another fun reason for wireless charging -- sometimes it's just easier to sneak power into the device by a side-channel than to try to find the right chain of adapters.
Marsymars · 5h ago
What’s old is new again; Windows Phone devices did USB charging + ethernet (+ display) a decade ago.
russellbeattie · 6h ago
I had to look it up: CDC stands for "USB Communications Device Class".
I've never once tried to hook any of my many, many Android devices over the last decade+ to wired Ethernet using a USB adapter, but I had assumed it would just work if I did. Interesting.
dfc · 5h ago
Instead of looking it up you could have read the article:
So what’s this about CDC Ethernet and why should I care?
CDC stands for Communications Device Class.
russellbeattie · 4h ago
Right. Beyond half way through the article. I saw it, but was so baffled through the top half, I had already searched for it before I continued. I figured someone else would want to know. There's even another comment saying the exact same thing.
Regardless, my comment was mostly about how I had never run into the issue.
Since writing this, a couple people have let me know that there is a particular bit in the MAC address, that if flipped, will cause the kernel to assign an `ethX` name instead of `usbX` name. I haven't tried it myself or updated the post with that information because I moved on to a different job, and Android devices are no longer a large part of my life.
Of course, that only helps if you have a CDC device where you're in control of the MAC address (i.e. maybe another Linux device pretending to be a CDC adapter)
(Ah, I think I found it: https://lkml.iu.edu/hypermail/linux/kernel/1103.2/03250.html )
It now appears as eth0 and routes created only after turning off the Wi-Fi, DHCP is obtained regardless.
ECM scores 270Mbit, RNDIS 150Mbit.
Mobile hotspots/dongles with MAC address modification should work. (currently detected as usb0)
[1]: https://gist.github.com/TalalMash/c20e6aa237e1f123ddf9686a07...
Looked up the source and it appears the regex was changed from `eth\\d` to just `*` in October 2023, presumably fixing this issue:
https://android-review.googlesource.com/c/platform/packages/...
The description says "The default will include both usb\d+ and eth%d named interfaces on Android U+", "U+" being version 14 I think (https://en.wikipedia.org/wiki/Android_version_history)
[1]: https://android-review.googlesource.com/c/platform/packages/...
[2]: https://android-review.googlesource.com/c/platform/packages/...
U = Android 14
V = Android 15
[0] https://github.com/LineageOS/android_packages_modules_Connec... [1] https://github.com/LineageOS/android_packages_modules_Connec... [2] https://github.com/LineageOS/android_packages_modules_Connec...
Another reason why having root is important on a device that you own.
My family recently got me a new computer setup that won't require sudo and other practices considered harmful. It even does shapes, colors, and animal sounds, which is good enough for my use case.
"Not downloading malware" is everyone's default stance, but no one can identify all of it.
And that's only a single vector out of many. Security flaws exist in even the best operating systems that make you vulnerable even when doing everything "right" (which you emphatically are not).
I've been using a dedicated computer for banking / finance work for a few years now. I also run some software that I consider less trustworthy on my "daily driver" Windows PC as a dedicated user, separate from my "daily driver" account.
I really need to make the jump to Qubes. I've been meaning to for years. The learning curve for their contrivances seems steep and I'm lazy.
How many people on Windows create separate user accounts, run programs as those accounts (hello runas), & set ACLs?
Point the finger at whoever you want. If you need to find who broke the bicycle for the mind, I think most of us know who's responsible.
for the vast majority of consumers and employees this is like using a bazooka to kill a mosquito. Unnecessary and dangerous. But for some EXPERTS (IT/Tech professionals) and hobbyists, it’s crucial to their workflow.
Having the _option_ is a must.
The same popup that asks for microphone access but now says the word root in its place, and a consumer is like “not sure what root is, maybe they meant toot!”
And then their whole machine is compromised.
20 years ago if I started to list ip addresses to my ISP on the phone I got somebody technical immediately. This doesn’t work anymore, because people know more about this. This caused that for example I could only turn WiFi on or off on my ISP’s router and nothing else without a specific request to them, a manual restart to my router days later, and I need to use a terrible buggy software.
These kind of things unfortunately also restrict beginners, or people who without such barriers would start to tinker, and eventually learn to do these safely. Even I waited for weeks with the call, who have been configuring routers for 25 years.
I’m installing now a self hosted OwnTracks on docker. A lot of beginner started to do the same. They make rookie mistakes all the time. Let them make those mistakes.
I would have never learned what I know without the freedom of making mistakes.
I'm not too worried about security for normal users if we kept it that way. I just want not to have any extra roadblocks for the powerusers from the banks, Authy or McDonald's.
And even though I wanted to stay connected, iOS decides it knows better and reconnects to my Carplay network.
I’m guessing your dash cam app is not implemented correctly.
https://developer.apple.com/forums/thread/13164
No comments yet
I guess this android change is relatively recent though, as we regularly used USB network dongles on our debug devices (that used 100% "Vanilla" AOSP). Or perhaps a kernel change, or a quirk of the CDC driver to name the device usb*? You just had to be careful which chipset the dongle used and ensure it didn't need any firmware.
https://news.ycombinator.com/item?id=44219502
No comments yet
The bug report had a two-digit number and Google steadfastly refused to fix it for years. I haven't seen an ad-hoc network in a long time, but they were common when Android was young.
Does iOS communicate with them using some other standard?
I found this out when using CAN bus to ethernet on iPhone
Why is this buried almost at the end of the article? Why even mention it at that point?
The Android revert message is also interesting:
What's the problem with this?If another system on the phone brings up the interface as a host device to tether internet to a second device, you end up with the phone trying to configure the interface both as a router and as a client.
But since it doesn't support charging while in OTG host mode, it cannot stay plugged into the adapter for long (old battery)
Some newer devices like Samsung support ACA OTG (Accessory charging adaptor)) with charging while powering the adapter
I've never once tried to hook any of my many, many Android devices over the last decade+ to wired Ethernet using a USB adapter, but I had assumed it would just work if I did. Interesting.
So what’s this about CDC Ethernet and why should I care?
CDC stands for Communications Device Class.
Regardless, my comment was mostly about how I had never run into the issue.