Researchers at Darmstadt Technical University claim that the Apple Wireless Direct Link Protocol (AWDL) contains vulnerabilities that endanger more than 1.2 billion devices. Using these gaps, an attacker can track users, disable devices, or intercept files transferred between devices (man-in-the-middle, MitM).
Experts from Darmstadt Technical University began analyzing the Apple Wireless Direct Link protocol last year. Apple launched AWDL in 2014, and it is now a cornerstone of communication between devices in the Apple ecosystem.
Many users of products from the Cupertino corporation may not even suspect that AWDL exists, but it is the core of the AirPlay and AirDrop services. Apple ships all its devices (iMac, MacBook, iPhone, iPad, Apple Watch, Apple TV and HomePod) with AWDL enabled.
In the five years since the launch of AWDL, Apple has refused to publish detailed technical information about how the protocol works. As a result, researchers did not have the opportunity to analyze it for vulnerabilities.
“Considering the well-known rocky history of wireless protocols’ security, with various flaws being repeatedly discovered in Bluetooth, WEP, WPA2, GSM, UMTS, and LTE, the lack of information regarding AWDL security is a significant concern given the increasing number of services that rely on it,” the research team said.
Because the number of people using AWDL is constantly growing, experts at Darmstadt Technical University decided in 2018 to analyze the protocol in detail. They reverse engineered AWDL and then rewrote it as a C implementation called OWL (Open Wireless Link).
This allowed the researchers to use OWL as a platform for testing AWDL's susceptibility to cyberattacks. The analysis revealed several problems that threaten the security and privacy of users.
“Our analysis reveals several security and privacy vulnerabilities ranging from design flaws to implementation bugs enabling different kinds of attacks,” the research team said.
For example, an attacker could launch a man-in-the-middle attack when files are transferred via AirDrop. In that position, a cybercriminal can not only intercept files but also modify them, which makes it possible to install malicious files on the device.
The research team reported that it had notified Apple of the vulnerabilities it discovered between August and December 2018.
However, judging by the reaction of the corporation, the majority of the vulnerabilities are unlikely to be fixed in the near future.
Researchers warn that the same errors may also affect Android and other types of devices.
“The impact of these findings goes beyond Apple’s ecosystem as the Wi-Fi Alliance adopted AWDL as the basis for Neighbor Awareness Networking (NAN) which, therefore, might be susceptible to similar attacks,” the research team said.
More details about the vulnerabilities described in this article are available in a pre-print white paper named “A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link”, which the research team will present at the USENIX Security conference in mid-August, in a few weeks' time.