Handoff All Your Privacy (Again)

Presented at REcon 2023, June 10, 2023, 1 p.m. (60 minutes).

What information is your iPhone, iPad or MacBook giving away about you? iOS, iPadOS and macOS use a variety of proprietary protocols under the "Continuity" umbrella to share information across a user’s devices and provide us with a "seamless experience". However, much of this information is passed in the clear and can be sniffed, captured, or mimicked by other nearby devices. This talk will cover privacy considerations and demonstrate the private information being passed in the clear via Apple’s proprietary Bluetooth Continuity protocol, including one called "Handoff". First, the talk will highlight the Bluetooth research performed by the FuriousMAC research team to reverse engineer the Continuity protocol (without any documentation from Apple). Then, it will demonstrate how others can build upon this research using the tools provided by FuriousMAC and others in the Apple researcher community! Next, the talk will give a breakdown the of cryptographic protocols employed in AirTags via the Continuity Protocol and explain "Offline Finding". Finally, this talk will also show its observations to the changes in the Continuity protocol that have occurred over the years since the AirTag's official release in 2021.

Presenters:

  • Christine Fossaceca
    Christine Fossaceca is a senior mobile security researcher and reverse engineer Microsoft, focusing on the Defender platform within Microsoft Threat Intelligence. She spends most of her time on Android and iOS mobile device reverse engineering and forensics. Christine is an IDA Pro afficionado, but is learning to like Ghidra, too. She also enjoys using Frida to aid her in dynamic analysis, and tries not to let her dog distract her too much!

Links:

Similar Presentations: