demonstration

AirCollect: efficiently recovering hashed phone numbers leaked via Apple AirDrop

Authors:

Christian WeinertAuthors Info & Claims

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Pages 371 - 373

https://doi.org/10.1145/3448300.3468252

Published: 28 June 2021 Publication History

Get Access

Abstract

Apple's file-sharing service AirDrop leaks phone numbers and email addresses by exchanging vulnerable hash values of the user's own contact identifiers during the authentication handshake with nearby devices. In a paper presented at USENIX Security'21, we theoretically describe two attacks to exploit these vulnerabilities and propose "PrivateDrop" as a privacy-preserving drop-in replacement for Apple's AirDrop protocol based on private set intersection.

In this demo, we show how these vulnerabilities are efficiently exploitable via Wi-Fi and physical proximity to a target. Privacy and security implications include the possibility of conducting advanced spear phishing attacks or deploying multiple "collector" devices in order to build databases that map contact identifiers to specific locations. For our proof-of-concept, we leverage a custom rainbow table construction to reverse SHA-256 hashes of phone numbers in a matter of milliseconds. We discuss the trade-off between success rate and storage requirements of the rainbow table and, after following responsible disclosure with Apple, we publish our proof-of-concept implementation as "AirCollect" on GitHub.

References

[1]

Dmitry Chastuhin. Apple Bleee: Everyone Knows What Happens on Your iPhone. July 25, 2019. url: https://hexway.io/research/apple-bleee/ (visited on 10/15/2020).

Google Scholar

[2]

Datafinder. Recover Encrypted Email Addresses. 2020. url: https://web.archive.org/web/20191211152224/https://datafinder.com/products/email-recovery (visited on 10/15/2020).

Google Scholar

[3]

Christoph Hagen and Sebastian Schindler. RainbowPhones. 2021. url: https://github.com/contact-discovery/rt_phone_numbers.

Google Scholar

[4]

Christoph Hagen, Christian Weinert, Christoph Sendner, Alexandra Dmitrienko, and Thomas Schneider. "All the Numbers are US: Large-scale Abuse of Contact Discovery in Mobile Messengers". In: NDSS. 2021. url: https://www.ndss-symposium.org/wp-content/uploads/ndss2021_1C-3_23159_paper.pdf.

Google Scholar

[5]

Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, and Christian Weinert. "PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop". In: USENIX Security Symposium. 2021. url: https://www.usenix.org/conference/usenixsecurity21/presentation/heinrich.

Google Scholar

[6]

Milan Stute. Extracting Apple ID Validation Record, Certificate, and Key for AirDrop. 2020. url: https://github.com/seemoo-lab/airdrop-keychain-extractor.

Google Scholar

[7]

Milan Stute and Alexander Heinrich. OpenDrop: An Open Source AirDrop Implementation. 2019. url: https://github.com/seemoo-lab/opendrop.

Google Scholar

[8]

Milan Stute, David Kreitschmann, and Matthias Hollick. "One Billion Apples' Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol". In: International Conference on Mobile Computing and Networking. ACM, 2018.

Digital Library

Google Scholar

[9]

Milan Stute, Sashank Narain, Alex Mariotto, Alexander Heinrich, David Kreitschmann, Guevara Noubir, and Matthias Hollick. "A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link". In: USENIX Security Symposium. 2019. url: https://www.usenix.org/conference/usenixsecurity19/presentation/stute.

Google Scholar

Cited By

View all

Hagen CWeinert CSendner CDmitrienko ASchneider T(2022)Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient MitigationsACM Transactions on Privacy and Security10.1145/354619126:1(1-44)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3546191

Index Terms

AirCollect: efficiently recovering hashed phone numbers leaked via Apple AirDrop
1. Networks
  1. Network protocols
2. Security and privacy
  1. Network security
    1. Mobile and wireless security

Recommendations

Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link
MobiCom '18: Proceedings of the 24th Annual International Conference on Mobile Computing and Networking

Apple Wireless Direct Link (AWDL) is a proprietary and undocumented wireless ad hoc protocol that Apple introduced around 2014 and which is the base for applications such as AirDrop and AirPlay. We have reverse engineered the protocol and explain its ...
Controlling and disclosing your personal information

As organizations come to rely on the collection and use of personal information in order to complete the transactions and providing good services to their users, more and more user personal information is being shared with web service providers leading ...
A Large-Scale Study of iPhone App Launch Behaviour
CHI '18: Proceedings of the 2018 CHI Conference on Human Factors in Computing Systems

There have been many large-scale investigations of users' mobile app launch behaviour, but all have been conducted on Android, even though recent reports suggest iPhones account for a third of all smartphones in use. We report on the first large-scale ...

Comments

Information & Contributors

Information

Published In

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

June 2021

412 pages

ISBN:9781450383493

DOI:10.1145/3448300

General Chairs:
Christina Pöpper
New York University Abu Dhabi, AE
,
Mathy Vanhoef
New York University Abu Dhabi, AE
,
Program Chairs:
Lejla Batina
Radboud University, NL
,
René Mayrhofer
Johannes Kepler University Linz, AT

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 June 2021

Check for updates

Author Tags

Qualifiers

Demonstration

Funding Sources

German Federal Ministry of Education and Research
Deutsche Forschungsgemeinschaft (DFG)
LOEWE initiative (Hesse, Germany)
European Research Council (ERC)
Hessian State Ministry for Higher Education, Research and the Arts within ATHENE

Conference

WiSec '21

Sponsor:

SIGSAC

WiSec '21: 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

June 28 - July 2, 2021

Abu Dhabi, United Arab Emirates

Acceptance Rates

WiSec '21 Paper Acceptance Rate 34 of 121 submissions, 28%;

Overall Acceptance Rate 98 of 338 submissions, 29%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

1
Total Citations
View Citations
225
Total Downloads

Downloads (Last 12 months)41
Downloads (Last 6 weeks)2

Reflects downloads up to 04 Feb 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Hagen CWeinert CSendner CDmitrienko ASchneider T(2022)Contact Discovery in Mobile Messengers: Low-cost Attacks, Quantitative Analyses, and Efficient MitigationsACM Transactions on Privacy and Security10.1145/354619126:1(1-44)Online publication date: 7-Nov-2022
https://dl.acm.org/doi/10.1145/3546191

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

PDF

eReader

View online with eReader.

eReader

Abstract

References

Cited By

Index Terms

Recommendations

Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link

Controlling and disclosing your personal information

A Large-Scale Study of iPhone App Launch Behaviour

Comments

Information

Published In

Sponsors

Publisher

Publication History

Check for updates

Author Tags

Qualifiers

Funding Sources

Conference

Acceptance Rates

Contributors

Other Metrics

Bibliometrics

Article Metrics

Other Metrics

Citations

Cited By

Login options

Full Access

View options

PDF

eReader

Share

Share this Publication link

Share on social media

Affiliations