A Billion Open Interfaces for Eve and Mallory : MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link

Stute, Milan and Narain, Sashank and Mariotto, Alex and Heinrich, Alexander and Kreitschmann, David and Noubir, Guevara and Hollick, Matthias (2019):
A Billion Open Interfaces for Eve and Mallory : MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link. (Publisher's Version)
In: Proceedings of the 28th USENIX Security Symposium, pp. 37-54,
Berkeley, CA, USENIX Association, 28th USENIX Security Symposium (USENIX Security 19), Santa Clara, USA, 14.-16.8.2019, ISBN 978-1-939133-06-9,
DOI: 10.25534/tuprints-00013264,
[Conference or Workshop Item]

Stute et al. - 2019 - A Billion Open Interfaces for Eve and Mallory MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wi(2).pdf
Available under CC-BY 4.0 International - Creative Commons, Attribution.

Item Type: Conference or Workshop Item
Origin: Secondary publication service
Status: Publisher's Version
Title: A Billion Open Interfaces for Eve and Mallory : MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link
Language: English
Abstract:

Apple Wireless Direct Link (AWDL) is a key protocol in Apple's ecosystem used by over one billion iOS and macOS devices for device-to-device communications. AWDL is a proprietary extension of the IEEE 802.11 (Wi-Fi) standard and integrates with Bluetooth Low Energy (BLE) for providing services such as Apple AirDrop. We conduct the first security and privacy analysis of AWDL and its integration with BLE. We uncover several security and privacy vulnerabilities ranging from design flaws to implementation bugs leading to a man-in-the-middle (MitM) attack enabling stealthy modification of files transmitted via AirDrop, denial-of-service (DoS) attacks preventing communication, privacy leaks that enable user identification and long-term tracking undermining MAC address randomization, and DoS attacks enabling targeted or simultaneous crashing of all neighboring devices. The flaws span across AirDrop's BLE discovery mechanism, AWDL synchronization, UI design, and Wi-Fi driver implementation. Our analysis is based on a combination of reverse engineering of protocols and code supported by analyzing patents. We provide proof-of-concept implementations and demonstrate that the attacks can be mounted using a low-cost ($20) micro:bit device and an off-the-shelf Wi-Fi card. We propose practical and effective countermeasures. While Apple was able to issue a fix for a DoS attack vulnerability after our responsible disclosure, the other security and privacy vulnerabilities require the redesign of some of their services.

Title of Book: Proceedings of the 28th USENIX Security Symposium
Place of Publication: Berkeley, CA
Publisher: USENIX Association
Classification DDC: 000 General, computer science, information science > 004 Computer science
Divisions: 20 Department of Computer Science > Sichere Mobile Netze
Profile Areas > Cybersecurity (CYSEC)
LOEWE > LOEWE-Schwerpunkte > NiCER – Networked infrastructureless Cooperation for Emergency Response
LOEWE > LOEWE-Zentren > CRISP - Center for Research in Security and Privacy
Event Title: 28th USENIX Security Symposium (USENIX Security 19)
Event Location: Santa Clara, USA
Event Dates: 14.-16.8.2019
Date Deposited: 30 Nov 2020 12:20
Last Modified: 30 Nov 2020 12:20
DOI: 10.25534/tuprints-00013264
URN: urn:nbn:de:tuda-tuprints-132644
URI: https://tuprints.ulb.tu-darmstadt.de/id/eprint/13264