Apple’s AWDL protocol plagued by flaws that enable tracking and man-in-the-middle attacks

Catalin Cimpanu for ZDNet:

Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks. These are the findings of a research project that started last year at the Technical University of Darmstadt, in Germany, and has recently concluded, and whose findings researchers will be presenting later this month at a security conference in the US.

While most Apple end users might not be aware of the protocol’s existence, AWDL is at the core of Apple services like AirPlay and AirDrop, and Apple has been including AWDL by default on all devices the company has been selling, such as Macs, iPhones, iPads, Apple watches, Apple TVs, and HomePods.

While MitM attacks are hard to pull off and DoS attacks that crash devices are rarely useful, the AWDL vulnerabilities that allow user tracking are the ones that are truly concerning… The research team worried that AWDL-based tracking technology could be deployed in retail stores or public spaces and track users’ movement through an area.

As for patches against these attacks, the research team said they notified Apple of all the vulnerabilities they found, between August and December 2018. “While Apple was able to issue a fix for a DoS attack vulnerability after our responsible disclosure, the other security and privacy vulnerabilities require the redesign of some of their services,” researchers said.

MacDailyNews Take: This is obviously something to which Apple – and Google, potentially (see below) — must devote considerable work!

The researcher’s white paper, “A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link, also states, “The impact of these findings goes beyond Apple’s ecosystem as the Wi-Fi Alliance adopted AWDL as the basis for Neighbor Awareness Networking (NAN) which, therefore, might be susceptible to similar attacks. Moreover, Google Android provides a NAN API since 2017 pending manufacturer support… NAN, commonly known as Wi-Fi Aware, is a new standard supported by Android which draws on AWDL’s design and, thus, might be vulnerable to the similar attacks as presented in this work. This is pending further investigation.”

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.