A research team at TU Darmstadt has found a vulnerability in Apple's iOS that affects more than half a billion devices. The researchers strongly recommend that users install the just-released update 12.1. Using the vulnerability, attackers could crash iPhones and iPads with commercially available hardware and without physical access.
Scientists from the Secure Mobile Networking Lab at TU Darmstadt have found a vulnerability in the iPhone operating system iOS 12 through which an attacker could crash Apple mobile devices such as iPhones and iPads using a standard Wi-Fi card and a programmable board available for less than 20 euros. Following the "responsible disclosure" principle, the vulnerability was reported to Apple and has just been closed by an iOS update. The scientists strongly recommend that users of Apple mobile devices install the latest iOS update 12.1 to protect their devices.
Apple traditionally promotes user-friendly features such as AirPlay, which lets you send music or movies wirelessly and with one click from a variety of Apple devices to compatible speakers and TVs. The underlying protocols use manufacturer extensions such as Apple Wireless Direct Link (AWDL), which enables direct Wi-Fi communication between Apple devices. But these convenient features also carry risks, explains TU Professor Matthias Hollick, Head of the Secure Mobile Networking Lab: "AWDL uses various radio technologies. Simply put, we ring up a storm via Bluetooth LE and the target device activates AWDL.
In a second step, we take advantage of the fact that Apple does not fully and cleanly check the inputs we send to the target device; this allows us to flood the device with nonsensical inputs. As a result, we can crash the target device or all nearby devices at the same time. We don't need any user interaction."
Milan Stute, a staff member at the Secure Mobile Networking Lab, adds: "To carry out the Bluetooth brute force attack and the following steps in practice, you don't even need special hardware: the attack works with the Wi-Fi card of a commercially available laptop and a BBC micro:bit, a low-cost Bluetooth-enabled single-board computer similar to a Raspberry Pi or Arduino, originally developed as a programming learning platform for school children." Potential attackers would therefore have an easy time of it. The researchers demonstrate this in a video of the attack, which they posted on YouTube; the attack is no longer possible once the update has been successfully installed. In the video, the devices crash in droves without the researchers having to touch them once.
In order to discover the vulnerability – published as CVE-2018-4368 – the researchers first had to understand the proprietary AWDL protocol and recreate it in their own prototype. This made it possible to exploit the vulnerability.
Even though the vulnerability found only affects Apple devices, users of Android phones should not feel safe either: the vulnerability also has implications for the "non-Apple world". The new standard of the Wi-Fi Alliance, Neighbor Awareness Networking (NAN), builds on AWDL and is already supported by Google's Android (https://www.wi-fi.org/discover-wi-fi/wi-fi-aware). The researchers expect similar vulnerabilities to be found in NAN implementations because AWDL and NAN have similar levels of complexity.
Source: Press release of TU Darmstadt
M. Stute, D. Kreitschmann, and M. Hollick, "One Billion Apples' Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol," In: The 24th Annual International Conference on Mobile Computing and Networking (MobiCom '18), 2018.
Link to the publication: https://owlink.org
iOS 12.1 Release Notes: https://support.apple.com/kb/HT201222