Apple, you've AirDrop'd the ball: Academics detail ways to leak contact info of nearby iThings for spear-phishing
Too bad there's no suggested solution... oh, wait
Apple's AirDrop has a couple of potentially annoying privacy weaknesses that Cupertino is so far refusing to address even though a solution has been offered.
A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop – iOS and macOS's ad-hoc over-the-air file-sharing service – and found that senders and receivers may leak their contact details in the process. More than a billion people are said to be at risk of this, in that there are now more than a billion active iPhones at any one time. Despite the team alerting Apple to the oversight in May 2019, and suggesting ways to address it last October, the iGiant hasn't issued a fix.
"We started looking at the protocols in 2017," Dr Milan Stute at the uni's Secure Mobile Networking Lab told The Register on Wednesday. "We reverse engineered a lot of stuff and found two major issues."
AirDrop sets up a TLS-encrypted direct peer-to-peer Wi-Fi connection between Apple gear for sharing files. The Darmstadt team analyzed the proprietary Wi-Fi link-layer protocol, known as the Apple Wireless DirectLink, and the Bluetooth connections AirDrop uses, and found a way to potentially obtain victims' contact details – typically their phone number or email address.
AirDrop hole deposits stealth malware on all pre-iOS 9 Apple devicesFROM THE ARCHIVE
When an AirDrop connection is attempted between a sender and a receiver, the sender transmits over the air a message containing a hash, or digital fingerprint, of its user's email address or phone number as part of an authentication handshake. In response, if the sender is recognized, the receiver transmits back its hash.
The hashing function should act as a form of one-way encryption: you shouldn't be able to deduce what the original data was, just that it generated the given fingerprint. Unfortunately, Apple uses the 20-year-old SHA-256 algorithm to perform the hashing. Thus, it's possible to crack the SHA-256 hash of an AirDrop user's phone number and discover the original digits in milliseconds, Christian Weinert, of the university's Cryptography and Privacy Engineering Group, told us.
Email address hashes are harder to break, though one could use databases of leaked email addresses and dictionary attacks on @gmail.com, @yahoo.com, and similar addresses to relatively quickly reverse an email address hash to the original.
"We don't have concrete numbers on email hash cracking time, but look at the Facebook leak: there's over 500 million addresses that could be used," he said. "There are also online services that will do this for you."
The upshot is that these two scenarios are possible, it is claimed:
- A miscreant could set up a system that listens out for iPhones, iPads, and Macs scanning for nearby AirDrop-enabled devices. When one of these iOS and macOS machines scans the area, it sends out a message containing its user's contact information as a hash, which can be recorded and cracked. This contact information could then be used for spear-phishing, say, in a targeted environment.
- A miscreant seeking to work their way into a targeted environment could figure out an email address or phone number likely to be recognized by nearby devices – it could be a boss's office phone number, for example. The miscreant transmits AirDrop requests to receivers in the vicinity, and sends that common contact detail as a hash in the handshaking message. The nearby receivers recognize the hashed contact detail and reply with a message containing their contact details as hashes. Bingo, you can now determine the email addresses and phone numbers of surrounding AirDrop-capable devices from harvested hashes, again for spear-phishing purposes.
These are somewhat esoteric vulnerabilities, and not something for the public at large to really worry about, but annoying nonetheless.
Observing responsible disclosure guidelines, the team notified Apple in May 2019 about the shortcomings, and Cupertino said it would look into it. A few months later, the Apple Bleee project also discovered one of the vulnerabilities. In July last year, Apple said it did "not have any updates on new features or any changes to mitigate the underlying issue.”
Funnily enough, the Darmstadt team did, and three months later sent Apple a solution for the issue, publishing the code as PrivateDrop on GitHub. Their approach thwarts hash cracking and typically adds less than a second to the time needed to establish an AirDrop connection.
The Darmstadt team's paper [PDF] on the above is now published, and will be presented at the USENIX Security '21 conference in August. Apple has received a full copy of the paper, and apparently told the team it appreciates "the updates and working with researchers such as yourself.”
Unfortunately, the PrivateDrop code isn't something the average Apple user can just install to protect themselves. "Basically what we did was proof of concept code, but to deploy you would need the help of Apple," Weinert said. "It's not that we can provide an app, this needs to be put in the operating systems." ®
Members of the AirDrop privacy paper are also behind another USENIX Security '21 study into other vulnerabilities in Apple's wireless protocols, demonstrating how they can be disrupted, hijacked, and more.