Researchers from Darmstadt technical University (Germany) reviewed the work of the Protocol Apple Wireless Direct Link (AWDL) that is implemented in more than 1.2 billion devices and found vulnerabilities, the exploitation of which allows attackers to track a user, to cause failure of the device or to intercept files transmitted between devices by using attacks-middle (MitM).
Apple launched the AWDL Protocol in 2014 to provide wireless communication between their devices. AWDL is at the heart of Apple services like AirPlay and AirDrop, and the manufacturer default includes AWDL in almost all products — Mac, iPhone, iPad, Apple Watch, Apple TV and HomePods. However, over the past five years, the company has not published technical details about the functionality of the Protocol.
“Considering the complicated history of the wireless protocols, when Bluetooth, WEP, WPA2, GSM, UMTS and LTE repeatedly found various vulnerabilities, lack of information on the safety AWDL has become a serious problem, given the growing number of services using it,” the researchers note.
The analysis revealed several design flaws and bugs in the implementation, allowing different types of attacks, including an attack facilitator (allows you to intercept and modify data sent using AirDrop, and inject malicious files) attack that allows you to track the device, despite the randomization of MAC addresses and to access personal information such as the name of the owner of the device, DoS attacks that violate connection with other AWDL devices and causing the failure of the “Apple” devices.
Despite the various security features to prevent MitM attacks, the researchers were able to bypass them. Using the TCP Reset attack they blocked the connection AWDL and set up his equipment between the two devices, organizing a legitimate connection with both gadgets. As a result, the researchers were able to learn the name of the device real MAC address, the access point is connected to the device, class of device (iOS, watch OS, macOS, tvOS, etc.) and the Protocol version AWDL.
A team of researchers have notified Apple about all the vulnerabilities in 2018. Apple has fixed an issue (CVE-2019-8612) with the release of iOS 12.3, 12.3 tvOS, watchOS 5.2.1 and macOS 10.14.5.
Read more •••