All Your Apple are Belong to Us: Unique Identification and Cross-Device Tracking of Apple Devices

Presented at Black Hat USA 2019, Aug. 8, 2019, 9:45 a.m. (50 minutes)

Privacy is about people. Smartphones and laptops (e.g., iPhone, iPad, and MacBooks) are the most frequently used personal devices. Consequently, people with ulterior motives (e.g., advertisers) can easily connect to individuals through these devices. Although Apple is trying to provide the best protection of personal information on Apple devices, many approaches (e.g., private APIs and vulnerabilities) are being abused to uniquely identify users. Besides, identifying and correlating people's devices allows cross-device companies to track one person and target operations (e.g., advertising) on both of his/her devices. However, such cross-device tracking can principally reveal a complete picture of a person and become more privacy-invasive than the simple tracking.

In this talk, we will show a study of unique identification and cross-device tracking technologies of Apple devices. We first list several approaches (e.g., public APIs and vulnerabilities like CVE-2018-4322) to uniquely identify the Apple device even after a system rebooting or resetting. Moreover, we present advanced algorithms and vulnerabilities (e.g., CVE-2018-4321) to associate Apple device through deterministic user IDs (e.g., Apple IDs and phone numbers) and probabilistic data (e.g., device names, coordinate information, and IP addresses). Last but not least, we discuss feasible solutions (e.g., instrumentation and differential privacy) to prevent unique identification and cross-device tracking. It is worth noting that all vulnerabilities we found were reported to Apple (follow-up id: 710526756) and we believe our study can help Apple to maintain and improve the privacy of their products.

Presenters:

• Xiaolong Bai - Security Engineer, Alibaba Inc.
  Xiaolong Bai is a security researcher from Alibaba Inc. His research area includes system security and mobile security. He has published several research in Black Hat USA, Black Hat Europe, DEFCON, HITB, etc. Also, he has published papers in top academic conferences like IEEE S&P, Usenix Security, CCS, and NDSS. His research has been acknowledged by famous vendors, including Apple, Google, Facebook, Evernote, and Tencent for contribution of discovering vulnerabilities and improving the security in their products. He is also a member of the OverSky jailbreaking team, which develops private jailbreaks.
• Min Zheng / Spark - Security Expert, Alibaba Inc.   as Min Zheng
  Min (Spark) Zheng is a security expert in Alibaba Orion Security Lab. He received his Ph.D. degree in the CSE department of the CUHK. His research focuses on malware analysis, smartphone (Android & iOS) security and risk control. Before receiving Alibaba A-Star offer award in 2015, he worked in FireEye, Baidu and Tencent. He won the 'best security researcher' award in FIT 2016 for detecting the iOS/macOS vulnerabilities, XcodeGhost virus and WormHole RCE vulnerability. He is a member of the OverSky team for iOS security tool development. He gave talks at RSA, BlackHat, DEFCON, CanSecWest, HITB, etc.

Links:

• https://www.blackhat.com/us-19/briefings/schedule/#all-your-apple-are-belong-to-us-unique-identification-and-cross-device-tracking-of-apple-devices-15483
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/All Your Apple are Belong to Us Unique Identification and Cross-Device Tracking of Apple Devices.mp4
• https://infocon.org/cons/Black Hat/Black Hat USA/Black Hat USA 2019/All Your Apple are Belong to Us Unique Identification and Cross-Device Tracking of Apple Devices.en.transcribed.srt (subtitles)
• https://www.youtube.com/watch?v=JbzrgGqWLpI

Similar Presentations:

• Black Hat Europe 2017 / Jailbreaking Apple Watch
• BSidesSF 2017 / The Underground Economy of Apple ID
• DEF CON 25 (2017) / Jailbreaking Apple Watch