TU Darmstadt / ULB / TUbiblio

A Billion Open Interfaces for Eve and Mallory : MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link

Stute, Milan ; Narain, Sashank ; Mariotto, Alex ; Heinrich, Alexander ; Kreitschmann, David ; Noubir, Guevara ; Hollick, Matthias (2020)
A Billion Open Interfaces for Eve and Mallory : MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link.
28th USENIX Security Symposium (USENIX Security 19). Santa Clara, USA (14.-16.8.2019)
doi: 10.25534/tuprints-00013264
Conference publication, secondary publication, publisher's version

Abstract

Apple Wireless Direct Link (AWDL) is a key protocol in Apple's ecosystem used by over one billion iOS and macOS devices for device-to-device communications. AWDL is a proprietary extension of the IEEE 802.11 (Wi-Fi) standard and integrates with Bluetooth Low Energy (BLE) for providing services such as Apple AirDrop. We conduct the first security and privacy analysis of AWDL and its integration with BLE. We uncover several security and privacy vulnerabilities ranging from design flaws to implementation bugs leading to a man-in-the-middle (MitM) attack enabling stealthy modification of files transmitted via AirDrop, denial-of-service (DoS) attacks preventing communication, privacy leaks that enable user identification and long-term tracking undermining MAC address randomization, and DoS attacks enabling targeted or simultaneous crashing of all neighboring devices. The flaws span across AirDrop's BLE discovery mechanism, AWDL synchronization, UI design, and Wi-Fi driver implementation. Our analysis is based on a combination of reverse engineering of protocols and code supported by analyzing patents. We provide proof-of-concept implementations and demonstrate that the attacks can be mounted using a low-cost ($20) micro:bit device and an off-the-shelf Wi-Fi card. We propose practical and effective countermeasures. While Apple was able to issue a fix for a DoS attack vulnerability after our responsible disclosure, the other security and privacy vulnerabilities require the redesign of some of their services.

Item type: Conference publication
Published: 2020
Author(s): Stute, Milan ; Narain, Sashank ; Mariotto, Alex ; Heinrich, Alexander ; Kreitschmann, David ; Noubir, Guevara ; Hollick, Matthias
Type of entry: Secondary publication
Title: A Billion Open Interfaces for Eve and Mallory : MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link
Language: English
Year of publication: 2020
Place: Darmstadt
Date of first publication: 2019
Place of first publication: Berkeley, CA
Publisher: USENIX Association
Book title: Proceedings of the 28th USENIX Security Symposium
Event title: 28th USENIX Security Symposium (USENIX Security 19)
Event location: Santa Clara, USA
Event date: 14.-16.8.2019
DOI: 10.25534/tuprints-00013264
URL / URN: https://tuprints.ulb.tu-darmstadt.de/13264
Origin: Secondary publication service
Status: Publisher's version
URN: urn:nbn:de:tuda-tuprints-132644
Dewey Decimal Classification (DDC) subject group: 000 Generalities, computer science, information science > 004 Computer science
Department(s)/field(s): 20 Department of Computer Science
20 Department of Computer Science > Secure Mobile Networking
Profile Areas
Profile Areas > Cybersecurity (CYSEC)
LOEWE
LOEWE > LOEWE Research Clusters
LOEWE > LOEWE Research Clusters > NICER – Networked Infrastructureless Cooperation for Emergency Response
LOEWE > LOEWE Centres
LOEWE > LOEWE Centres > CRISP - Center for Research in Security and Privacy
Date deposited: 30 Nov 2020 12:20
Last modified: 20 Oct 2023 11:04