Trust in Apple's Secret Garden: Exploring & Reversing Apple's Continuity Protocol

Presented at Black Hat Europe 2019, Dec. 5, 2019, 3:25 p.m. (50 minutes)

Apple devices are known for "it works", after you unbox it and login with your Apple ID, and it would be able to integrate other devices from Apple.

By using protocols like AirDrop, iMessage which falls under the umbrella of "Continuity," devices can seamlessly share messages, browser tabs, clipboards and wireless hotspots without much hassle of setting it up. However, during our daily usage of said protocols, we barely to think about privacy and security implications behind these protocols, and will be assuming that Apple protects our privacy at all times.

However, as these are proprietary protocols, it's not validated by any 3rd party and in some cases, these claims regarding security and privacy are not true.

Since Continuity is based on BLE, some actions which required using it as bootstrapping and switching to another protocols would result in MAC address de-anonymization, and by the way the device announces its presence to nearby brethren, it results in privacy leaks which an adversary can learn its metadata such as screen usage, battery levels, and even OS fingerprinting.

As another in-progress target of this research is to port Continuity to other platforms, its protocol details will be discussed openly to the world for the first time.


  • Ta-Lun Yen - Independent Security Researcher,  
    <span>Ta-Lun Yen is an independent researcher with interests in reverse engineering, protocol analysis, wireless security, embedded & IoT/ICS device security. Been a member of a Taiwanese InfoSec community "UCCU Hacker" since 2018. Presented at various conferences & events including HITCON 2018/2019, TDOH-Conf 2018.</span>


Similar Presentations: