- Apple’s AWDL protocol powers the company’s AirDrop and AirPlay features, found in over 1.2 billion Apple-made devices.
- A group of security researchers from Germany has reported four types of security vulnerabilities in the AWDL protocol.
- Apple has already fixed one vulnerability. However, other vulnerabilities will remain open for the foreseeable future.
Even though they can be hugely useful and convenient, Apple’s AirDrop and AirPlay also pose a significant security risk. That’s because both of those technologies are based on the ‘Apple Wireless Direct Link’ (AWDL) protocol, present on more than 1.2 billion devices. Despite its closed nature, this protocol has been thoroughly examined by cybersecurity experts, who have now published their findings. As it turns out, AWDL comes with several vulnerabilities that enable different kinds of exploitation, some of which can be incredibly serious.
Cybersecurity experts at the Technical University of Darmstadt (Germany) have been dissecting Apple’s AWDL protocol during the last year. By reverse-engineering the protocol and re-writing it as a C implementation named OWL (Open Wireless Protocol), they managed to test AWDL against various attacks. They discovered the following four vulnerabilities:
- MITM Attacks: The AWDL protocol can be used in a man-in-the-middle attack where a malicious actor could hijack a file transfer process. In other words, a MITM attack can be used to intercept and modify file transfers done via AirDrop, which could then be used to inject malicious files.
- Device Tracking Attacks: Even though MAC randomization is present, the AWDL protocol is susceptible to long-term device tracking, which reveals information such as the name of the device owner (in more than 75% of experiment cases).
- DoS Attacks: This type of attack is aimed at the election mechanism of AWDL and could be used to desynchronize the target’s channel sequences, which effectively prevents communication with other devices.
- Wi-Fi Driver Vulnerability: It’s possible to crash Apple devices in close proximity by injecting frames that could target a single or several devices at the same time.
To illustrate their findings, the security researchers have posted a YouTube video showing the previously mentioned MITM attack in action. The video shows how a third party could modify files in transit, which opens the possibility of injecting malware.
All of the previously mentioned vulnerabilities have already been reported to Apple. The company managed to issue a security update in May, fixing the AWDL DoS bug (CVE-2019-8612). This means that the fix has already been applied to your device if you’re running iOS 12.3, tvOS 12.3, watchOS 5.2.1, or macOS 10.14.5. The rest of the vulnerabilities require the redesign of some of Apple’s services, which means that they’ll stay exploitable for the foreseeable future.
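
An added example, not from the article or the researchers: a small Python audit that compares a device inventory against the fixed releases listed above for CVE-2019-8612. The hostnames and inventory records are constructed, and a "patched" verdict covers only the DoS fix, since the other issues remain open.

```python
# Added example: fixed versions come from the article; inventory is constructed.
import re

# First releases carrying the CVE-2019-8612 fix, as listed in the article.
FIXED_IN = {"ios": (12, 3), "tvos": (12, 3),
            "watchos": (5, 2, 1), "macos": (10, 14, 5)}

def parse_version(text):
    """Turn '10.14.5' into (10, 14, 5); return None if it is not dotted digits."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)*", text):
        return None
    return tuple(int(part) for part in text.split("."))

def is_patched(platform, version):
    """True/False for known platforms, None when the record cannot be judged."""
    fixed = FIXED_IN.get(platform.strip().lower())
    parsed = parse_version(version)
    if fixed is None or parsed is None:
        return None
    # Pad to equal length so '12.3' and '12.3.0' compare as the same release.
    width = max(len(fixed), len(parsed))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(parsed) >= pad(fixed)

def audit(inventory):
    """Split (hostname, platform, version) records into patched/exposed/unknown."""
    report = {"patched": [], "exposed": [], "unknown": []}
    for host, platform, version in inventory:
        verdict = is_patched(platform, version)
        key = "unknown" if verdict is None else ("patched" if verdict else "exposed")
        report[key].append(host)
    return report

# Constructed sample inventory (hypothetical hostnames).
SAMPLE = [
    ("mbp-01", "macOS", "10.14.4"),
    ("mbp-02", "macOS", "10.14.5"),
    ("iphone-07", "iOS", "12.3.1"),
    ("iphone-08", "iOS", "12.2"),
    ("watch-03", "watchOS", "5.2"),
    ("tv-01", "tvOS", "12.3"),
    ("pixel-02", "Android", "9"),      # platform not covered by the fix list
    ("ipad-04", "iOS", "12.3 beta"),   # malformed version string
]

if __name__ == "__main__":
    for status, hosts in audit(SAMPLE).items():
        print(f"{status}: {', '.join(hosts) or '-'}")
```

Records that land in "unknown" need manual review rather than being treated as safe.
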
It’s also interesting to note that some of these AWDL vulnerabilities affect Android devices as well. That’s because the Wi-Fi Alliance has adopted the AWDL standard for Neighbor Awareness Networking, also known as ‘Wi-Fi Aware’. Since this technology uses AWDL’s design, there’s a high possibility that these two technologies share the same vulnerabilities as well.
You can read about these AWDL vulnerabilities in a whitepaper posted by the researchers. Additional details will be revealed at the USENIX security conference presentation in mid-August.