Apple Wireless Direct Link (AWDL), the wireless protocol that forms the basis of the AirPlay and AirDrop services found in billions of Apple devices, is said to contain vulnerabilities that allow attackers to track users, crash devices, or intercept files transferred between devices using man-in-the-middle (MitM) attacks (via ZDNet).
According to research from the Technical University of Darmstadt, Germany, several security and privacy vulnerabilities “ranging from design flaws to implementation bugs” in AWDL enable different kinds of attacks.
Although Apple has been including AWDL by default on all of its devices for the past five years or so, the company has never published any in-depth technical details about how the wireless protocol works. To study AWDL, the researchers reverse-engineered the protocol and then re-wrote it as a C implementation.
Below are some important findings shared by the researchers:
A MitM attack which intercepts and modifies files transmitted via AirDrop, effectively allowing for the planting of malicious files.
A long-term device tracking attack which works in spite of MAC randomization, and may reveal personal information such as the name of the device owner (over 75% of experiment cases).
A DoS attack aiming at the election mechanism of AWDL to deliberately desynchronize the targets’ channel sequences, effectively preventing communication with other AWDL devices.
Two additional DoS attacks on Apple’s AWDL implementations in the Wi-Fi driver. The attacks allow crashing Apple devices in proximity by injecting specially crafted frames. The attacks can be targeted to a single victim or affect all neighbouring devices at the same time.
Apple fixed the AWDL DoS bug (CVE-2019-8612) in iOS 12.3, tvOS 12.3, watchOS 5.2.1, and macOS 10.14.5, released in May.