Handoff All Your Privacy (Again)

Presented at Objective by the Sea version 5.0 (2022), Oct. 7, 2022, 3:25 p.m. (25 minutes)

What information is your iPhone or MacBook giving away about you? iOS and macOS use a variety of proprietary protocols under the "Continuity" umbrella to share information across a user’s devices and provide a "seamless experience". However, much of this information is passed in the clear and can be sniffed, captured, or mimicked by other nearby devices. \n\n This talk will demonstrate privacy considerations and the private information being passed in the clear via Apple’s proprietary Bluetooth Continuity protocol, including one called "Handoff". This talk will highlight previous Bluetooth research performed by the FuriousMAC research team and demonstrate how others can build upon this research using the tools provided by FuriousMAC and others in the Apple researcher community!

Presenters:

• Christine Fossaceca - Senior Mobile Security Researcher and Reverse Engineer at Microsoft
  Christine Fossaceca is a senior mobile security researcher and reverse engineer at Microsoft. She has experience with Android and iOS. Christine is an IDA Pro afficionado, but is learning to like Ghidra, too. She also enjoys using Frida to aid her in dynamic analysis, and tries not to let her dog distract her too much.

Links:

• https://objectivebythesea.org/v5/talks.html#Speaker_20

Similar Presentations:

• REcon 2023 / Handoff All Your Privacy (Again)
• DeepSec 2013 „Secrets, Failures, and Visions“ / Uncovering your trails. Privacy issues of bluetooth devices.
• Black Hat Europe 2019 / Trust in Apple's Secret Garden: Exploring & Reversing Apple's Continuity Protocol