Apple's AWDL protocol plagued by flaws that enable tracking and MitM attacks

guest · Jul 30, 2019

Apple's AWDL protocol plagued by flaws that enable tracking and MitM attacks
Apple patched a bug in May, but academics say the rest of the flaws require a redesign of some Apple services
July 30, 2019
https://www.zdnet.com/article/apple...-flaws-that-enable-tracking-and-mitm-attacks/

Apple Wireless Direct Link (AWDL), a protocol installed on over 1.2 billion Apple devices, contains vulnerabilities that enable attackers to track users, crash devices, or intercept files transferred between devices via man-in-the-middle (MitM) attacks.

These are the findings of a research project that started last year at the Technical University of Darmstadt, in Germany, and has recently concluded, and whose findings researchers will be presenting later this month at a security conference in the US.
GERMAN AND US RESEARCHERS REVERSE-ENGINEERED AWDL
"Considering the well-known rocky history of wireless protocols' security, with various flaws being repeatedly discovered in Bluetooth, WEP, WPA2, GSM, UMTS, and LTE, the lack of information regarding AWDL security is a significant concern given the increasing number of services that rely on it," the research team said.
Click to expand...

AWDL VULNERABILITIES
"Our analysis reveals several security and privacy vulnerabilities ranging from design flaws to implementation bugs enabling different kinds of attacks," the research team said.
AWDL IS IDEAL FOR PERVASIVE USER TRACKING
But while MitM attacks are hard to pull off and DoS attacks that crash devices are rarely useful, the AWDL vulnerabilities that allow user tracking are the ones that are truly concerning.
Click to expand...

Log in or Sign up

Apple's AWDL protocol plagued by flaws that enable tracking and MitM attacks

guest Guest

Log in or Sign up

Apple's AWDL protocol plagued by flaws that enable tracking and MitM attacks

guest Guest

Useful Searches