it just (net)works - black hat briefings · it just (net)works the truth about ios' ... mc api...
TRANSCRIPT
![Page 1: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/1.jpg)
It Just (Net)worksThe Truth About iOS'
Multipeer Connectivity Framework
Alban Diquet!@nabla_c0d3
![Page 2: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/2.jpg)
About me
• iOS Security Researcher at Data Theorem
• Before: Principal Security Consultant at iSEC Partners
• Tools: SSLyze, Introspy, iOS SSL Kill Switch
2
![Page 3: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/3.jpg)
Agenda
• What is Multipeer Connectivity?
• Reversing the MC protocol(s)
• Security analysis of MC
3
![Page 4: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/4.jpg)
What is Multipeer Connectivity?
4
![Page 5: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/5.jpg)
5
Multipeer Connectivity
![Page 6: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/6.jpg)
Demo
6
![Page 7: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/7.jpg)
Motivation
7
![Page 8: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/8.jpg)
Reversing the MC protocol(s)
8
![Page 9: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/9.jpg)
• The App can specify an encryptionPreference
• Three encryption levels:
• No further explanation in the documentation
MC API - Encryption
9
![Page 10: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/10.jpg)
• The App can specify a securityIdentity
• A "security identity" is an X509 certificate and the corresponding private key
• The peer’s identify when pairing with other peers
• A callback has to be implemented for validating other peers’ certificates/identities during pairing:
MC API - Authentication
10
![Page 11: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/11.jpg)
Test Setup• Macbook in WiFi Access Point mode +
Wireshark
• Sample MC App with default MC settings
• Two devices:
• iPad Air with Bluetooth disabled
• iOS Simulator
11
![Page 12: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/12.jpg)
12
![Page 13: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/13.jpg)
13
![Page 14: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/14.jpg)
14
A B
![Page 15: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/15.jpg)
15
??? over TCP!!
STUN / ICE!
Bonjour!!
A B
??? over UDP!!
![Page 16: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/16.jpg)
16
??? over TCP!!
STUN / ICE!
Bonjour!!
A B
??? over UDP!!
![Page 17: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/17.jpg)
17
??? over TCP!!
STUN / ICE!
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A B
??? over UDP!!
![Page 18: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/18.jpg)
18
??? over TCP!!
STUN / ICE!
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A B
??? over UDP!!
![Page 19: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/19.jpg)
19
![Page 20: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/20.jpg)
20
![Page 21: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/21.jpg)
Mystery Protocol #1• Peer connects to the other peer over TCP
• Each peer sends their “PeerID” first
• (random) “idString” + device name
• For example: ”ory2g6r8fkq+iPhone Simulator”
• Three plists are then exchanged
21
![Page 22: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/22.jpg)
22
A B
![Page 23: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/23.jpg)
23
A B
![Page 24: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/24.jpg)
24
A B
![Page 25: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/25.jpg)
25
A
![Page 26: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/26.jpg)
26
A B
![Page 27: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/27.jpg)
27
A B
![Page 28: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/28.jpg)
28
A B
![Page 29: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/29.jpg)
29
A B
![Page 30: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/30.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
30
![Page 31: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/31.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
31
• The peer’s security settings as bit fields:
• Encryption level (optional = X00, none = X10, required = X01 )
• Whether authentication is enabled (yes = 1XX, no = 0XX)
• No X509 certificate/identity yet
![Page 32: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/32.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
32
• Then a list of local "candidate" IP addresses
!
!
![Page 33: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/33.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
33
• Then a list of local "candidate" IP addresses
• 192.168.1.8
!
![Page 34: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/34.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
34
• Then a list of local "candidate" IP addresses
• 192.168.1.8
• 169.254.234.105
• Etc…
![Page 35: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/35.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
35
• Then some kind of IDs (according to debug logs)?
!
![Page 36: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/36.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
36
• Then some kind of IDs (according to debug logs)?
• 6F7D4FE3, etc…
![Page 37: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/37.jpg)
37
GCK1 over TCP!Exchange peer names, security options
and "candidate" UDP sockets
STUN / ICE!
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A B
??? over UDP!!
![Page 38: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/38.jpg)
38
STUN / ICE!
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A BGCK1 over TCP!
Exchange peer names, security options and "candidate" UDP sockets
??? over UDP!!
![Page 39: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/39.jpg)
Interactive Connectivy Establishement
39
![Page 40: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/40.jpg)
40
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A BGCK1 over TCP!
Exchange peer names, security options and "candidate" UDP sockets
??? over UDP!!
![Page 41: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/41.jpg)
41
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A BGCK1 over TCP!
Exchange peer names, security options and "candidate" UDP sockets
??? over UDP!!
![Page 42: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/42.jpg)
Mystery Protocol #2
42
![Page 43: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/43.jpg)
Mystery Protocol #2
43
![Page 44: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/44.jpg)
Mystery Protocol #2• It’s the protocol used when App data is being exchanged
• Not plaintext… but Wireshark doesn’t know what it is
• Clues:
• Authentication in the MC API relies on X509 certificates
•
44
![Page 45: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/45.jpg)
Mystery Protocol #2• It’s the protocol used when App data is being exchanged
• Not plaintext… but Wireshark doesn’t know what it is
• Clues:
• Authentication in the MC API relies on X509 certificates
• When setting a breakpoint on SSLHandshake(), it does get triggered…
45
![Page 46: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/46.jpg)
Mystery Protocol #2• It’s the protocol used when App data is being exchanged
• Not plaintext… but Wireshark doesn’t know what it is
• Clues:
• Authentication in the MC API relies on X509 certificates
• When setting a breakpoint on SSLHandshake(), it does get triggered…
46
![Page 47: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/47.jpg)
47
Mystery Protocol #2
openssl s_client -dtls1 -connect someserver:443
![Page 48: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/48.jpg)
48
Mystery Protocol #2
openssl s_client -dtls1 -connect someserver:443
![Page 49: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/49.jpg)
49
Mystery Protocol #2
openssl s_client -dtls1 -connect someserver:443
![Page 50: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/50.jpg)
Pro Packet Trace Editing
50
![Page 51: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/51.jpg)
Pro Packet Trace Editing
51
• Success!
![Page 52: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/52.jpg)
Mystery Protocol #2
52
• DTLS 1.0 with the byte 0xd0 appended to every DTLS record
• _gckSessionRecvMessage()
• Inside the DTLS stream
• Simple plaintext protocol
• The other peer’s PeerID + App data/messages
![Page 53: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/53.jpg)
53
GCK2 over UDP!Perform DTLS handshake, check the other
peer’s identity, exchange data
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A BGCK1 over TCP!
Exchange peer names, security options and "candidate" UDP sockets
![Page 54: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/54.jpg)
54
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
GCK1 over TCP!Exchange peer names, security options
and network information
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
Discovery Phase
GCK2 over UDP!Perform DTLS handshake, check the other
peer’s identity, exchange dataSession Phase
A B
![Page 55: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/55.jpg)
Security Analysis of Multipeer Connectivity
55
![Page 56: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/56.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication
With Authentication
56
![Page 57: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/57.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication
With Authentication
57
![Page 58: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/58.jpg)
MC Security Analysis• MCEncryptionRequired With Authentication:
DTLS with mutual authentication
• Each peer sends their certificate and validate the other side’s certificate
• RSA & EC-DSA TLS Cipher Suites
• 30 cipher suites supported in total including PFS cipher suites.!
• In practice, TLS_RSA_WITH_AES_256_CBC_SHA256 is always negotiated, which doesn’t provide PFS
58
![Page 59: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/59.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication
With Authentication No PFS
59
![Page 60: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/60.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication
With Authentication No PFS
60
![Page 61: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/61.jpg)
MC Security Analysis• MCEncryptionRequired Without Authentication:
DTLS with Anonymous TLS Cipher Suites
• No certificates exchanged
• “Anon" AES TLS cipher suites:
• TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256
61
![Page 62: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/62.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication MiTM
With Authentication No PFS
62
![Page 63: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/63.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication MiTM
With Authentication No PFS
63
![Page 64: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/64.jpg)
MC Security Analysis
• MCEncryptionNone Without Authentication: No DTLS - Plaintext GCK2 protocol
64
![Page 65: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/65.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MiTM
With Authentication No PFS
65
![Page 66: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/66.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MiTM
With Authentication No PFS
66
![Page 67: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/67.jpg)
MC Security Analysis• MCEncryptionNone With Authentication:
DTLS with mutual authentication
• Each peer send their certificate and validate the other side’s certificate
• Plaintext / “No Encryption” TLS Cipher Suites!
• TLS_RSA_WITH_NULL_SHA ,TLS_RSA_WITH_NULL_SHA256
67
![Page 68: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/68.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MiTM
With Authentication Plaintext No PFS
68
![Page 69: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/69.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MiTM
With Authentication Plaintext No PFS
69
![Page 70: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/70.jpg)
MC Security Analysis• MCEncryptionOptional With Authentication!
• ”The session prefers to use encryption, but will accept unencrypted connections”
70
![Page 71: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/71.jpg)
Conclusion
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext No PFS
71
![Page 72: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/72.jpg)
Conclusion
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext No PFS
72
![Page 73: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/73.jpg)
MC Security Analysis• MCEncryptionOptional With Authentication!
• ”The session prefers to use encryption, but will accept unencrypted connections”
• Two peers using MCEncryptionOptional with Authentication should get the same security as MCEncryptionRequired (ie. use DTLS)
• Authentication should prevent a man-in-the-middle from tampering with the network traffic
73
![Page 74: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/74.jpg)
74
GCK2 over UDP!Perform DTLS handshake, check the other
peer’s identity, exchange data
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
GCK1 over TCP!Exchange peer names, security options
and "candidate" UDP sockets
![Page 75: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/75.jpg)
75
MCEncryptionOptional!Authentication Enabled
MCEncryptionOptional!Authentication Enabled
DTLS with RSA / AES cipher suite
ICE / STUN
Bonjour
• Encrypted & authenticated traffic • Same security as MCEncryptionRequired
![Page 76: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/76.jpg)
76
Bonjour
![Page 77: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/77.jpg)
77
MCEncryptionOptional!Authentication Enabled
Bonjour
![Page 78: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/78.jpg)
78
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
Bonjour
![Page 79: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/79.jpg)
79
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
Bonjour
![Page 80: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/80.jpg)
80
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
ICE / STUN
Bonjour
![Page 81: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/81.jpg)
81
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
DTLS with NULL cipher suite
ICE / STUN
Bonjour
• Plaintext traffic (authenticated)!• No post-auth checks on the
MCEncryption parameters exchanged!• Same security as MCEncryptionNone
![Page 82: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/82.jpg)
MCEncryptionOptional Downgrade Attack
82
![Page 83: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/83.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext MitM
(Downgrade) No PFS
83
![Page 84: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/84.jpg)
Conclusion
84
![Page 85: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/85.jpg)
Conclusion• Most security settings work as advertised by the MC API
• Except for MCEncryptionOptional with Authentication
• Some combinations should never be used
• MCEncryptionOptional
• MCEncryptionNone with Authentication
• Only MCEncryptionRequired with Authentication is secure
85
![Page 86: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/86.jpg)
Conclusion
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext MitM
(Downgrade) No PFS
86
![Page 87: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/87.jpg)
Conclusion
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext MitM
(Downgrade) No PFS
87
![Page 88: It Just (Net)works - Black Hat Briefings · It Just (Net)works The Truth About iOS' ... MC API - Encryption 9 ... • 30 cipher suites supported in total including PFS](https://reader031.vdocument.in/reader031/viewer/2022022622/5bb2ea7309d3f285758d9fb0/html5/thumbnails/88.jpg)
Conclusion• Possible improvements to the MC Framework:
• MCEncryptionRequired with Authentication:
• Prioritize PFS TLS Cipher Suites
• MCEncryptionOptional with Authentication:
• Peers should validate security parameters post-authentication to prevent downgrade attacks
• Better: remove MCEncryptionOptional and make MCEncryptionRequired the default setting?
88