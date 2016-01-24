from the trusting-corps-to-protect-you dept.
Apple AirDrop Leaks User Data Like a Sieve. Chinese Authorities Say They're Scooping It Up.
Chinese authorities are exploiting a weakness Apple has allowed to go unfixed for 5 years:
Chinese authorities recently said they're using an advanced encryption attack to de-anonymize users of AirDrop in an effort to crack down on citizens who use the Apple file-sharing feature to mass-distribute content that's illegal in that country.
[...] The scant details and the quality of Internet-based translations don't explicitly describe the technique. All the translations, however, have said it involves the use of what are known as rainbow tables to defeat the technical measures AirDrop uses to obfuscate users' phone numbers and email addresses.
[...] In 2021, researchers at Germany's Technical University of Darmstadt reported that they had devised practical ways to crack what Apple calls the identity hashes used to conceal identities while AirDrop determines if a nearby person is in the contacts of another. One of the researchers' attack methods relies on rainbow tables.
[...] Christian Weinert, one of the TU Darmstadt researchers who's now at Royal Holloway University in London, said in an email that Green is almost certainly correct.
"The attack clearly exploits the underlying issue that we pointed out in our paper and that we reported to Apple—namely the insecure use of hash functions for 'obfuscating' contact identifiers in the AirDrop protocol," he wrote. "Furthermore, the described use of rainbow tables for 'cracking' the hash values seems identical to what we described in a paper published at WiSec '21 (https://eprint.iacr.org/2021/893) where we demonstrate our attacks. Note that the screenshots in the Chinese blog post indicate that the forensic lab implemented their own tooling for this and also considers email addresses in addition to phone numbers."
[...] According to the TU Darmstadt researchers, Apple has known since at least 2019 that AirDrop leaks the real-world identities of users. To this day, however, Apple has never publicly discussed or acknowledged any aspect of the leakage, including whether the company has plans to replace AirDrop's hash-based PSI with a more secure PSI, such as one devised by the researchers. Apple representatives didn't respond to an email Thursday asking once again if it was aware of the leakage and if it has any plans to plug it.
[...] For now, there's nothing AirDrop users can do to prevent their phone number and email address from being leaked, short of configuring the feature to "receiving off" and never initiating a send. Any protection beyond that will require the active participation of Apple, which so far has maintained radio silence on the topic.
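To make concrete what the excerpt above calls the "insecure use of hash functions" for contact identifiers and the "more secure PSI" it contrasts with, here is an added illustration (not Apple's code and not the Darmstadt researchers' protocol): the unkeyed identity-hash scheme, a check showing that such a hash of a phone number is recovered by plain enumeration because the identifier space is small, and a toy Diffie-Hellman-style private set intersection in which the wire carries only exponent-blinded values. The prime, the hash-to-group mapping, the normalization rule and the sample identifiers are all constructed assumptions.

```python
import hashlib
import secrets

# Toy group: the Mersenne prime 2^127 - 1, chosen (assumption) only so the demo runs
# instantly. It is far too small for real use; a deployment would use a standard group.
P = (1 << 127) - 1

def normalize(identifier):
    """Canonical form (constructed convention) so both sides hash identical bytes."""
    ident = identifier.strip().lower()
    return "+" + "".join(ch for ch in ident if ch.isdigit()) if ident.startswith("+") else ident

def identity_hash(identifier):
    """Weak scheme: an unkeyed hash of the contact identifier, as the excerpt describes."""
    return hashlib.sha256(normalize(identifier).encode()).hexdigest()

def recover_by_enumeration(target_hash, candidates):
    """Why the weak scheme leaks: phone numbers come from a small, enumerable space, so
    whoever holds the hash re-hashes candidates until one matches (a rainbow table only
    precomputes this loop). Returns the matching candidate or None."""
    return next((c for c in candidates if identity_hash(c) == target_hash), None)

def hash_to_group(identifier):
    """Map an identifier into the quadratic-residue subgroup mod P (toy hash-to-group)."""
    h = int.from_bytes(hashlib.sha256(normalize(identifier).encode()).digest(), "big")
    return pow(h % (P - 1) + 1, 2, P)

class Party:
    """One side of a Diffie-Hellman-style PSI (an illustration of 'a more secure PSI',
    not the researchers' own protocol)."""
    def __init__(self, contacts):
        self.k = secrets.randbelow(P - 2) + 1   # secret blinding exponent, never sent
        self.contacts = [normalize(c) for c in contacts]

    def blind(self, identifiers):
        """Send H(id)^k: without k, an observer cannot test candidates against the value."""
        return [pow(hash_to_group(i), self.k, P) for i in identifiers]

    def reblind(self, values):
        """Raise the peer's blinded values to own exponent: H(id)^(k_peer * k_self)."""
        return [pow(v, self.k, P) for v in values]

def sender_ids_in_receiver_contacts(sender, receiver, sender_ids):
    """Sender learns which of its identifiers the receiver has as contacts; the wire
    carries only blinded values, so the enumeration above has nothing to work on."""
    msg1 = sender.blind(sender_ids)               # sender -> receiver: H(s)^a
    msg2 = receiver.reblind(msg1)                 # receiver -> sender: H(s)^(ab)
    msg3 = receiver.blind(receiver.contacts)      # receiver -> sender: H(c)^b
    doubly_blinded = set(sender.reblind(msg3))    # sender computes H(c)^(ba)
    return [s for s, v in zip(sender_ids, msg2) if v in doubly_blinded]
```

Set sizes are still visible on the wire in this toy exchange, which is one of the details a production PSI has to address separately.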
China forensic firm cracks Apple's AirDrop to help Beijing police track senders
Beijing's Municipal Bureau of Justice has said that a private company cracked an AirDrop file shared to a subway passenger's phone:
A Beijing-based forensics firm has helped police to track down people using Apple's AirDrop feature to send "inappropriate speech", according to the Chinese capital's Bureau of Justice.
In an article published on its official WeChat account on Monday, the bureau said forensic firm Beijing Wangshendongjian Technology Co Ltd had "broken through the technical difficulties of tracing anonymous AirDrops".
The firm "prevented the further spread and potential bad influence of inappropriate speech" on the Beijing subway, when a passenger's iPhone received an unacceptable video via AirDrop, the bureau said.
[...] The bureau did not specify when the incident occurred, but said Wangshendongjian analysed the iPhone's logs and found the sender's mobile number and email address in the form of hash values, some of them hidden.
Wangshendongjian then used a "rainbow table" of cracked passwords to decode enough information from the files to help police "identify several suspects", according to the article.
[...] Apple updated its operating system in November 2022, imposing a 10-minute limit on the sharing of AirDrop content on all iPhones sold in mainland China, weeks after the service was used to share pictures from a protest in Beijing.
The company did not explain the reason for the update, which appeared to be aimed at preventing Chinese iPhone users from bypassing the country's strict internet censorship rules.
In July 2023, the Cyberspace Administration of China – the top internet watchdog – introduced a draft regulation aimed at further restricting the use of AirDrop to "safeguard national security".
The following is a very nice in-depth explanation of what this exploit is about.
Attack of the Week: Airdrop Tracing
Attack of the week: Airdrop tracing:
A quick note: most of my "attack of the week" posts are intended to highlight recent research. This post is therefore a bit unusual: the attack in question is not really new; it dates back to 2019, when a set of TU Darmstadt researchers — Heinrich, Hollick, Schneider, Stute, and Weinert — reverse-engineered the Apple Airdrop protocol and disclosed several privacy issues to Apple. (The resulting paper, which appeared in Usenix Security 2021, can be found here.)
What makes this an attack of the week is a new piece of news initially broken by Bloomberg (other coverage without paywall) claiming that researchers in China's Beijing Wangshendongjian Judicial Appraisal Institute have used these vulnerabilities to help police to identify the sender of "unauthorized" AirDrop materials, using a technique based on rainbow tables. While this new capability may not (yet) be in widespread deployment, it represents a new tool that could strongly suppress the use of AirDrop in China and Hong Kong.
And this is a big deal, since AirDrop is apparently one of a few channels that can still be used to disseminate unauthorized protest materials — and indeed, that was used in both places in 2019 and 2022, and (allegedly as a result) has already been subject to various curtailments.
In this post I'm going to talk about the Darmstadt research and how it relates to the news out of Beijing. Finally, I'll talk a little about what Apple can do about it — something that is likely to be as much of a political problem as a technical one.
As always, the rest will be in the "fun" question-and-answer format I use for these posts.
Further information on Apple changing software specifically for the Chinese market is described in the 2022 article below.
Apple limited a crucial AirDrop function in China just weeks before protests
Apple limited a crucial AirDrop function in China just weeks before protests:
Protests in China have attracted international attention as the greatest challenge of President Xi Jinping's premiership and a major knock to the Chinese Communist Party's (CCP) longstanding authority.
But their spread within China was partially hobbled by a key change in Apple's AirDrop feature, launched just weeks before the unrest.
AirDrop, which allows users to share content between Apple devices, has become an important tool in protestors' efforts to circumvent authoritarian censorship regimes over recent years.
That is because it relies on wireless connections between phones, rather than internet connectivity, placing it beyond the scope of internet content moderators. It uses Bluetooth to form a peer-to-peer Wi-Fi network between two devices.
The tool was used widely during Hong Kong's 2019 pro-democracy protests, when demonstrators would share messages and protest literature with passers-by and visitors from mainland China through AirDrop's open network.
More recently, in mid-October, AirDrop was reportedly used to disseminate messages based on banners produced by a Beijing demonstrator known as "Bridge man."