A Billion Open Interfaces For Eve And Mallory: MitM, DoS .


A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link
Milan Stute, Sashank Narain, Alex Mariotto, Alexander Heinrich, David Kreitschmann, Guevara Noubir, and Matthias Hollick
August 14, 2019, USENIX Security '19
Milan Stute, mstute@seemoo.tu-darmstadt.de

Opening Up Apple's Wireless Ecosystem
Apple's Wireless Ecosystem: 1.4 billion devices (iPhone, iPad, Mac); uses proprietary Apple Wireless Direct Link (AWDL) and BLE
Reverse Engineering: open AWDL and AirDrop implementations
Security and Privacy Analysis: successful user tracking, DoS, and MitM attacks
Proposed mitigations are adopted by Apple

Vulnerabilities and Attacks
User Tracking: Revealing MAC address and hostname (CVE-2019-8567, CVE-2019-8620)
Remote activation: Brute force attack on Bluetooth LE discovery (fixed in iOS 12.2)
(Selective) Blackout: Crashing devices wirelessly through corrupt frames (CVE-2018-4368)
Denial-of-Service: Breaking communication via desynchronization (CVE-2019-8612)
[Figure: channel sequences s1 and s2, period τ, offset φ]
Man-in-the-Middle: Intercepting files transmitted via AirDrop (fixed in iOS 13 beta)

AirDrop

Discovery: Bluetooth
Jane → John: BLE advertisements including H1…4[0:1]
John: turn on AWDL immediately / only if any H1…4[0:1] in address book
H1 = SHA256(.@icloud.com) (your Apple ID)
Hn include associated phone numbers and other email addresses

Discovery: AWDL
Jane and John: Synchronize via Apple Wireless Direct Link* (provides Wi-Fi link layer)
* Stute et al. One Billion Apples' Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol. ACM MobiCom '18.

Discovery: Bonjour
Ask for AirDrop
[Diagram between Jane and John: AAAA record, IPv6 address of John's iPhone]

Authentication: HTTPS
TLS connection with client and server certificates*
Jane → John: HTTP POST /Discover with sender's record data**
Find out whether we are mutual contacts
* Common name: com.apple.idms.appleid.prd.UUID
** RD = (UUID, H1, ..., Hn); RDσ = (RD, sign(σApple, RD))

Authentication: HTTPS
TLS connection with client and server certificates*
HTTP POST /Discover with sender's record data**
John:
1. Verify signature of RDσ
2. UUID_RD = σ_UUID
3. ∃ Hi ∈ RD : Hi ∈ address book
* Common name: com.apple.idms.appleid.prd.UUID
** RD = (UUID, H1, ..., Hn); RDσ = (RD, sign(σApple, RD))

Authentication: HTTPS
TLS connection with client and server certificates*
Jane → John: HTTP POST /Discover with sender's record data**
John → Jane: 200 OK with receiver's record data**
* Common name: com.apple.idms.appleid.prd.UUID
** RD = (UUID, H1, ..., Hn); RDσ = (RD, sign(σApple, RD))
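
The three receiver checks listed on the authentication slides, as an added Python example that is not code from the talk, from OpenDrop or from Apple. An HMAC under a constructed key stands in for Apple's signature, and the function names, the record encoding and the sample identifiers are assumptions.

```python
import hashlib
import hmac

# Assumption: an HMAC under a constructed key stands in for Apple's signature
# sign(σApple, RD); real AirDrop validates an Apple-issued signature instead.
DEMO_SIGNING_KEY = b"constructed-demo-key"
CN_PREFIX = "com.apple.idms.appleid.prd."  # certificate common name from the slides


def contact_hash(identifier: str) -> str:
    """Hi = SHA256(contact identifier), hex-encoded."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def sign_rd(uuid: str, hashes: list[str]) -> bytes:
    """Stand-in signature over RD = (UUID, H1, ..., Hn)."""
    rd = "|".join([uuid, *hashes]).encode()
    return hmac.new(DEMO_SIGNING_KEY, rd, hashlib.sha256).digest()


def check_sender(cert_cn, uuid, hashes, signature, address_book):
    """Run the three receiver checks; return (accepted, reason)."""
    # 1. Verify the signature of RDσ.
    if not hmac.compare_digest(signature, sign_rd(uuid, hashes)):
        return False, "invalid signature"
    # 2. The UUID inside RD must be the one bound to the TLS certificate.
    if cert_cn != CN_PREFIX + uuid:
        return False, "UUID does not match certificate"
    # 3. At least one Hi must belong to an address book entry.
    known = {contact_hash(entry) for entry in address_book}
    if known.isdisjoint(hashes):
        return False, "sender not in address book"
    return True, "sender is a contact"


# Constructed sample data (not real identifiers).
JANE_UUID = "00000000-0000-4000-8000-000000000001"
JANE_HASHES = [contact_hash("jane@example.com"), contact_hash("+15550100")]
JANE_SIG = sign_rd(JANE_UUID, JANE_HASHES)
JOHN_ADDRESS_BOOK = ["jane@example.com", "bob@example.com"]

if __name__ == "__main__":
    cn = CN_PREFIX + JANE_UUID
    print(check_sender(cn, JANE_UUID, JANE_HASHES, JANE_SIG, JOHN_ADDRESS_BOOK))
    # A valid RDσ presented over a TLS session with a different certificate.
    other_cn = CN_PREFIX + "00000000-0000-4000-8000-000000000002"
    print(check_sender(other_cn, JANE_UUID, JANE_HASHES, JANE_SIG, JOHN_ADDRESS_BOOK))
```

Check 2 is what ties a signed record to the TLS session it arrives on: a copied RDσ fails unless the presenter also holds the certificate for the same UUID.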

Data Transfer: HTTPS
TLS connection with client and server certificates
Jane → John: HTTP POST /Ask with sender's record data
User decides to accept or to decline
John → Jane: 200 OK

Data Transfer: HTTPS
TLS connection with client and server certificates
Send the actual file
Jane → John: HTTP POST /Upload with file
John → Jane: 200 OK

Tracking: Vulnerability Analysis

Tracking: Remote Activation
Brute Force Analysis: 136 contacts on average; 0000, 0001, 0002, 0003, 0004, 0005, 0006, 0007, ..., FFFC, FFFD, FFFE, FFFF
Implementation: US 20 (Source: microbit.org)
Experimental Evaluation: [Plot: Response Time [s] over Contact Identifiers; series Experiment and Analysis; 30.72 s]
Everyone

Tracking: Experimental Results
[Bar chart: # devices discovered in 1 min; Count by Location (Airport, Library, Metro, University); series Advertisements, Brute Force, Static]
2x devices discovered
[Pie chart: persons' names in hostnames, based on 2010 US Census and 1918–2017 US baby names; Only Given 61.0 %, None 24.1 %, Given and Family 12.6 %, Only Family 2.3 %]
75% include person's name (68% include the actual name)

Tracking: 4A56-BF79-B72D74CE679E.local
hostname randomization found in iOS 13 beta

MitM: Recall AirDrop Authentication
Jane → John: HTTPS POST /Discover with sender's record data
John → Jane: 200 OK with receiver's record data

MitM: Ambiguous Receiver Authentication State
27% w/ pic?
Jane

MitM: Breaking Authentication via DoS
Jane, John
HTTPS POST /Discover
TCP RST, TCP RST
No response for /Discover request, so John never appears in sharing pane
HTTPS POST /Discover
HTTPS 200 OK without device name (only if John is not discoverable by everyone)

MitM: Identity Spoofing
Jane, John
TCP RST, TCP RST
HTTPS POST /Discover
Advertise AirDrop service via Bonjour
HTTPS POST /Discover
HTTPS 200 OK, name: "John's iPhone"
HTTPS 200 OK, name: "John"

MitM: Relaying Thumbnail
Jane, John
TCP RST, TCP RST
HTTPS POST /Ask, name: "Jane's iPhone"
HTTPS POST /Ask, name: "Jane"
HTTPS 200 OK
HTTPS 200 OK

MitM: Replacing File
Jane, John
TCP RST, TCP RST
HTTPS POST /Upload with file
HTTPS POST /Upload with file
HTTPS 200 OK
HTTPS 200 OK

MitM: Mitigation
New sharing pane in iOS 13 beta
Contacts, Own devices, Others

Software
OpenDrop: AirDrop implementation written in …
OWL: AWDL implementation written in C
and more at https://owlink.org
Outlook
More services in Apple's wireless ecosystem (Handoff, Auto Unlock, …)
AWDL's successor Neighbor Awareness Network (NAN) is likely coming soon to xOS
possibly more to come in iOS 13 and macOS 10.15
