Trust in Apple's Secret Garden: Exploring & Reversing Apple's Continuity Protocol
Conference: BlackHat EU 2019
2019-12-05
Summary
The presentation discusses the privacy hazards and vulnerabilities in the Continuity protocol used by Apple devices.
- Continuity protocol used by Apple devices has privacy hazards and vulnerabilities
- The protocol leaks device usage and identity, allowing adversaries to track devices
- Megrandomization can be broken, rendering it useless
- Wi-Fi analyzation is still in draft and may have issues in the real world
- Reviewing information of new protocols carefully is recommended
Abstract
Apple devices are known for "it works", after you unbox it and login with your Apple ID, and it would be able to integrate other devices from Apple.By using protocols like AirDrop, iMessage which falls under the umbrella of "Continuity," devices can seamlessly share messages, browser tabs, clipboards and wireless hotspots without much hassle of setting it up. However, during our daily usage of said protocols, we barely to think about privacy and security implications behind these protocols, and will be assuming that Apple protects our privacy at all times. However, as these are proprietary protocols, it's not validated by any 3rd party and in some cases, these claims regarding security and privacy are not true.Since Continuity is based on BLE, some actions which required using it as bootstrapping and switching to another protocols would result in MAC address de-anonymization, and by the way the device announces its presence to nearby brethren, it results in privacy leaks which an adversary can learn its metadata such as screen usage, battery levels, and even OS fingerprinting.As another in-progress target of this research is to port Continuity to other platforms, its protocol details will be discussed openly to the world for the first time.
Materials:
Tags: