Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity

Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity

Proceedings on Privacy Enhancing Technologies ; 2020 (1):26–46 Guillaume Celosia* and Mathieu Cunche Discontinued Privacy: Personal Data Leaks in Apple Bluetooth-Low-Energy Continuity Protocols Abstract: Apple Continuity protocols are the under- 1 Introduction lying network component of Apple Continuity services which allow seamless nearby applications such as activ- Smart devices interacting with each other are bring- ity and file transfer, device pairing and sharing a net- ing new types of applications that simplify configura- work connection. Those protocols rely on Bluetooth Low tion procedures and enhance users experience. Those Energy (BLE) to exchange information between devices: new applications include sending a file to a nearby de- Apple Continuity messages are embedded in the pay- vice, transferring an activity to another device, network load of BLE advertisement packets that are periodically connection sharing, etc. Major vendors have developed broadcasted by devices. Recently, Martin et al. identi- protocols to enable those features: Google Nearby [2], fied [1] a number of privacy issues associated with Apple Microsoft Connected Devices Platform (CDP) [3] and Continuity protocols; we show that this was just the tip protocols used by Apple Continuity [4]. The family of of the iceberg and that Apple Continuity protocols leak protocols developed by Apple, called Apple Continu- a wide range of personal information. ity protocols, can be found in all Apple products but In this work, we present a thorough reverse engineering also in devices from third-party companies1. Thus, Ap- of Apple Continuity protocols that we use to uncover a ple Continuity protocols are embedded in more than collection of privacy leaks. We introduce new artifacts, one billion active devices [7], including smartphones, including identifiers, counters and battery levels, that laptops, earphones, smartwatches and smarthome appli- can be used for passive tracking, and describe a novel ances. Within those devices, Apple Continuity proto- active tracking attack based on Handoff messages. Be- cols enable a range of services such as activity transfer, yond tracking issues, we shed light on severe privacy remote printing and smarthome monitoring. flaws. First, in addition to the trivial exposure of device Apple Continuity protocols rely on Bluetooth Low characteristics and status, we found that HomeKit ac- Energy (BLE) for the transport of information over the cessories betray human activities in a smarthome. Then, air: messages of continuity protocols are carried by BLE we demonstrate that AirDrop and Nearby Action pro- advertisement packets that are broadcasted and thus tocols can be leveraged by passive observers to recover made available to all nearby devices. e-mail addresses and phone numbers of users. Finally, Wireless communications functionalities of smart we exploit passive observations on the advertising traffic devices can represent privacy threats for users. In par- to infer Siri voice commands of a user. ticular, Wi-Fi and Bluetooth/BLE signals can be used Keywords: Bluetooth Low Energy; Privacy; Tracking; for users tracking [8, 9] and to infer other private at- Activity inference; Inventory attacks; Perceptual hash- tributes [10–12]. To remedy to the tracking issue, the ing; Guesswork; Protocol. Bluetooth Core Specification version 4.0 introduced the LE Privacy feature [13, Vol 3, Part C, sec. 10.7] that DOI 10.2478/popets-2020-0003 Received 2019-05-31; revised 2019-09-15; accepted 2019-09-16. defines the use of temporary and random link layer iden- tifiers. Several works [14, 15] have highlighted privacy is- sues associated with BLE showing that devices can still be tracked despite LE Privacy provisions. Furthermore, *Corresponding Author: Guillaume Celosia: Univ Lyon, several serious issues have been recently discovered [1] INSA Lyon, Inria, CITI, in Apple Continuity protocols, allowing an attacker to F-69621 Villeurbanne, France, track a device based on passive and active attacks. E-mail: [email protected] Mathieu Cunche: Univ Lyon, INSA Lyon, Inria, CITI, F-69621 Villeurbanne, France, E-mail: [email protected] 1 Apple certified vendors [5] and HomeKit accessories manufac- turers [6]. Discontinued Privacy: Leaks in Apple BLE Continuity Protocols 27 In this paper, we pursue on the path started by Mar- nels of BLE. An advertisement packet is composed of tin et al. [1] and present a collection of new privacy is- a header and a payload. The payload contains an ad- sues in Apple Continuity protocols. Based on a detailed vertising device address and up to 31 bytes of data, reverse engineering of Apple Continuity protocols, we organized in Advertisement Data (AD) structures that demonstrate how information exposed in cleartext in carry information about the device. An AD structure is BLE advertisement packets can be used for tracking composed of a 1-byte field indicating the length of the but also to reveal personal information and users activ- AD (excluding itself), followed by a 1-byte field spec- ities. Our contributions are outlined as follows: ifying the type2 of the AD and finally, a sequence of – We present an extensive reverse engineering of Ap- up to 29 bytes of data (see Fig. 1). One AD struc- ple Continuity protocols along with the format of ture type, called Manufacturer Specific Data (code corresponding messages (Section 3); 0xFF), is dedicated to the transport of data for custom – We identify new fields of Apple Continuity mes- applications defined by the manufacturer. sages leverageable for passive tracking (Section 4); – We introduce a novel active attack that can be used 2.2 BLE privacy to track a user and to link devices belonging to the same iCloud account (Section 5); While advertising, BLE devices are identified by a Blue- – We find that several fields expose characteristics of tooth device address, a 48-bit identifier found within the device (model, OS version, color, etc.) and infor- the Advertising Address (AdvA) field of the advertising mation on the device status that could be leveraged payload. As part of the LE Privacy feature, BLE has to infer the ongoing activity (Section 6); introduced random addresses in addition to the glob- – We show that messages broadcasted by HomeKit ally unique MAC address [16]. Thus, there are 4 types accessories include a Global State Number (GSN) of device addresses in BLE: that leaks the activity in a smarthome (Section 7); Public device address: The address uniquely allo- – We discover that AirDrop and Nearby Action mes- cated to the device by the manufacturer in accordance sages include hashed e-mail addresses and phone to the IEEE MAC address specifications [17, sec. 8.2]. numbers, and we demonstrate how they can be re- covered through a guesswork attack (Section 8); Random Static device address: A randomly gener- – We found that Siri messages include a perceptual ated address that can be renewed after each power cycle hash of voice commands and demonstrate how it and that shall not change during the use of the device. can be exploited to infer a command (Section 9); Random Non-resolvable device address: A ran- – We provide a discussion on the impact of the dis- domly generated address that can be renewed at any covered attacks (Section 10); time. – We discuss potential solutions to remedy to the Random Resolvable device address: An address identified issues (Section 11). generated using a random value and an Identity Reso- lution Key (IRK), that can only be resolved by devices 2 Background knowing the IRK. Furthermore, the Bluetooth Core Specification [18, 2.1 BLE protocol Vol 3, Part C, App. A] recommends to renew Random Non-resolvable and Random Resolvable addresses at BLE is a 2.4 GHz ISM band radio communication stan- most every 15 minutes. dard that has been introduced in 2010 as part of the Bluetooth Core Specification version 4.0 [13, Vol 6]. 2.3 Continuity protocols BLE operates on 40 physical channels: 3 of those chan- nels are dedicated to the discovery mechanism called Continuity protocols are network mechanisms used to advertisement while the 37 remaining channels are used enable short range communications for services running for data transmissions. on mobile devices and connected appliances. They con- The advertisement discovery mechanism allows stitute the network element of Apple Continuity ser- BLE devices to advertise their presence and character- istics to nearby devices. It relies on the broadcasting of advertisement packets on the 3 advertisement chan- 2 https://www.bluetooth.com/specifications/assigned- numbers/generic-access-profile Discontinued Privacy: Leaks in Apple BLE Continuity Protocols 28 vices [4], and similar protocols have been developed the Received Signal Strength Indicator (RSSI) to filter by major vendors: Google Nearby [2] and Microsoft out packets coming from other devices. CDP [3]. Typical continuity services include activity All the tests were performed in our laboratory transfer, multimedia content streaming, file sharing, de- against Apple devices owned by the authors and their vice pairing, monitoring and control of connected home institutions. Those tests involved a range of Apple de- appliances to name a few. vices including iPhone smartphones, iPad tablets, Air- Continuity protocols typically rely on wireless tech- Pods earphones, MacBook laptops, Apple Watch smart- nologies such as Bluetooth/BLE and Wi-Fi to carry in- watches that were running across different versions of formation between devices. As they are directly used Apple iOS, macOS and watchOS operating systems. We by applications, such protocols can be seen as part of considered products from partner companies too that the Application Layer of the OSI model. However, they are compatible with the Apple ecosystem such as the sometimes include features of other layers such as the Eve Motion sensor and the Osram Smart+ lightbulb. Session and Transport Layers (sequence number and re- We also relied on debugging tools provided by connection). Because they only involve device-to-device Apple, PacketLogger and PacketDecoder. Those tools, communications, the Network Layer is limited to a bare available on the Apple Developer5 website, provide in- minimum.

View Full Text

Details

  • File Type
    pdf
  • Upload Time
    -
  • Content Languages
    English
  • Upload User
    Anonymous/Not logged-in
  • File Pages
    21 Page
  • File Size
    -

Download

Channel Download Status
Express Download Enable

Copyright

We respect the copyrights and intellectual property rights of all users. All uploaded documents are either original works of the uploader or authorized works of the rightful owners.

  • Not to be reproduced or distributed without explicit permission.
  • Not used for commercial purposes outside of approved use cases.
  • Not used to infringe on the rights of the original creators.
  • If you believe any content infringes your copyright, please contact us immediately.

Support

For help with questions, suggestions, or problems, please contact us