Home » News » Researchers estimate that 1.2 billion of Apple’s devices are not protected from MitM attacks

Researchers estimate that 1.2 billion of Apple’s devices are not protected from MitM attacks

Researchers at Darmstadt Technical University claim that the Apple Wireless Direct Link Protocol (AWDL) contains vulnerabilities that endangers more than 1.2 billion devices.

Using these gaps, an attacker can track users, disable devices, or intercept files transferred between devices (man-in-the-middle, MitM).

Experts from Darmstadt Technical University began analyzing the Apple Wireless Direct Link protocol last year. Though Apple launched AWDL in 2014, now it is a cornerstone ofcommunication between devices in the Apple ecosystem.

Many users of a corporation product from Cupertino may not even suspect the existence of AWDL, but it is the core of the AirPlay and AirDrop services. Apple releases all its devices (iMac, MacBook, iPhone, iPad, Applw watch, Apple TV and HomePod) with enabled AWDL.

Read also: Vulnerability of the macOS integrated protections allows attackers start side application on victim’s computer

For the past five years since the launch of AWDL, Apple has refused to publish detailed technical details of the protocol’s work. This led to the fact that the researchers did not have the opportunity to analyze it for the presence of vulnerabilities.

“Considering the well-known rocky history of wireless protocols’ security, with various flaws being repeatedly discovered in Bluetooth, WEP, WPA2, GSM, UMTS, and LTE, the lack of information regarding AWDL security is a significant concern given the increasing number of services that rely on it”, — the research team said.

Considering the fact that the number of people using AWDL is constantly growing, experts of the Darmstadt Technical University in 2018 decided to make a detailed analysis of the protocol. As a result, specialists conducted a reverse engineering of AWDL and then rewrote it as a C-implementation called OWL (Open Wireless Link).

READ  Password-stealing malware LokiBot started hiding its code in pictures

This allowed using OWL as a platform for testing AWDL for vulnerability to cyberattacks. The analysis revealed several problems that threaten the security and privacy of users.

“Our analysis reveals several security and privacy vulnerabilities ranging from design flaws to implementation bugs enabling different kinds of attacks”, — the research team said.

For example, an attacker could launch a Man-in-the-Middle attack if files are transferred via AirDrop. At the same time, a cybercriminal can not only intercept files, but also modify them, which makes it possible to install malicious files on the device.

Demonstration of vulnerability on video from researchers

Research team reported that it had notified Apple of any vulnerabilities they discovered between August and December 2018.

However, judging by the reaction of the corporation, majority of vulnerabilities are unlikely to be fixed in the near future.

Researchers warn that the same errors may also affect Android and other types of devices.

“The impact of these findings goes beyond Apple’s ecosystem as the Wi-Fi Alliance adopted AWDL as the basis for Neighbor Awareness Network-ing (NAN) which, therefore, might be susceptible to similar attacks”, — the research team said.

More details about the vulnerabilities described in this article are available in a pre-print white paper named “A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link” that the research team will be presenting at the USENIX security conference in mid-August, in a few weeks time.

[Total: 0    Average: 0/5]

About Trojan Killer

Carry Trojan Killer Portable on your memory stick. Be sure that you’re able to help your PC resist any cyber threats wherever you go.

Check Also

Adwind attacks energy sector

RAT Trojan Adwind attacks US energy sector

Unknown attackers targeted infrastructure of the US electricity industry. With the help of malicious emails, …

Trojan Bolik masks under NordVPN

Bank Bolik Trojan masks itself under NordVPN

Doctor Web experts warned that attackers use copies of popular services sites to distribute Bolik …

Leave a Reply