Oct 28, 2022

2022 Jailbreak Security Summit: Christine Fossaceca: Handoff All Your Privacy (again).

What information is your iPhone or MacBook giving away about you? iOS and macOS use a variety of proprietary protocols under the "Continuity" umbrella to share information across a user’s devices and provide a "seamless experience". However, much of this information is passed in the clear and can be sniffed, captured, or mimicked by other nearby devices.

This talk will demonstrate the privacy considerations around, and the private information being passed in the clear by, Apple's proprietary Bluetooth Continuity protocols, including the one called "Handoff". It will highlight previous Bluetooth research performed by the FuriousMAC research team and demonstrate how others can build upon this research using the tools provided by FuriousMAC and others in the Apple researcher community. It will also dispel the myths around AirTags, explain what they DO and DON'T share in the clear, and give tips for stalker prevention that leverage Apple's anti-tracking framework.

Christine Fossaceca is a senior mobile security researcher and reverse engineer at Microsoft. She has experience with Android and iOS. Christine is an IDA Pro aficionado, but is learning to like Ghidra, too. She loves Apple device research and tries not to let her dog distract her too much. Follow her on Twitter @x71n3 and listen to her new podcast (herhaxpodcast.com) about breaking into a career in cybersecurity!

Transcript:

Christine Fossaceca: All right. So this talk is called "Handoff All Your Privacy Again." And seriously, please turn off your Bluetooth. It might mess up my demo, and I will see you on screen, so I'll know who messed up my demo if it doesn't work. All right. So first, a little bit about me - my name is Christine Fossaceca, and I'm a senior reverse engineer at Microsoft. So many people probably know that Microsoft does Windows protection, but we actually protect devices across all platforms - Linux, macOS, Android and iOS. So I'm on the Defender for Endpoint team doing Android and iOS. So I also am part of the FuriousMAC research team, which is a collaboration between MITRE, the Naval Academy and now me at Microsoft. I was previously at MITRE. And that research team is the team that found all this information about Apple, disclosed to Apple and has been publishing research on it pretty much ever since.

Christine Fossaceca: I'm also co-host of a podcast called "HerHax Podcast" - going to move this a little closer to my mouth, maybe. OK. There we go. So it just released. It's streaming everywhere you get your podcasts. So I would love you guys to take a listen. It's made by women in cybersecurity for everyone. We talk about our careers in cybersecurity and our different experiences. We also do technical topics. So I did a Bluetooth hacking Twitter Space a couple of weeks ago.

Christine Fossaceca: So in my talk, I'm going to go over, first, what is the continuity protocol. And then I'm going to talk to you about how you can capture continuity data yourself. And then I'm going to do a packet breakdown. So that one's going to get into the nitty-gritty of Wireshark when you see a packet breakdown and what it looks like, every time you capture a continuity packet and how to parse all of the different packets because there's tons of different information that Apple is beaconing when you're using continuity. I'm also going to do a live demo, and that will kind of be intermission because after that, we're going to talk about AirTags, which is a huge portion of the continuity protocol. 

Christine Fossaceca: So what information is your iPhone or MacBook giving away about you? So there's a lot of proprietary protocols under the continuity umbrella. Continuity is a protocol created by Apple that is Bluetooth and Wi-Fi together. I'm only going to be talking about Bluetooth today, but the goal of it is for end user experience. So end users should be able to have a seamless experience across all of their Apple devices. This will be a feature like instant hotspot, shared clipboard, browser continuation from your iPhone to your MacBook, things like that. 

Christine Fossaceca: The problem is that it actually has a lot of privacy considerations. So we reverse engineered the continuity protocols starting back in 2018, and we disclosed to Apple a lot of information that was being beaconed in the clear. Apple did change some of these things. We also found that there were some really great privacy implementations that were just poorly implemented. So Apple fixed those. So I listed a few of our papers. The first one was called "Handoff All Your Privacy." There's also a few other researchers from other institutions that have done similar things and built off of our research. So I wanted to shout out the University of Lyon in France, which had the "Discontinued Privacy" paper. I wanted to shout out TU Darmstadt. They generate a lot of tools. And so they are very, very knowledgeable about the Apple platform. So if you're interested, check out their research in addition to ours. So something that's really important to know about this is Apple's beaconing this data in the clear. It can be sniffed, captured or mimicked by other devices.

Christine Fossaceca: So you might be wondering, what is some of this information that's being sent in the clear? So I'm just going to - this was - I'm just going to shoot screen pause on this just so you can see. This is a sneak peek into what the demo will be. So some information that's being beaconed in the clear is whether the Wi-Fi on your phone is on or off, whether your AirDrop is on or off, whether you have AirPods connected to your phone, whether or not your watch is locked and even iOS version information. So how am I capturing all of this data? Using some commercial products that you can just buy yourself from the internet. 

Christine Fossaceca: So if you've heard of Ubertooth - that's made by Great Scott Gadgets - we have supporting documentation in our repository for both the Ubertooth and for the nRF. The nRF dongle's made by Nordic Semiconductor. I prefer the Ubertooth because it's what I've used and I've been able to get consistently to build. But the nRF is also a very good option. The antenna's not as big, so it doesn't crash as frequently because you have a lot smaller of a collection. You're not collecting packets, like, that are super far away. So I definitely recommend that if you want to have a more reliable demo.

Christine Fossaceca: I'm not going to go into the build instructions because Sam did that in a previous talk on this. But everything is in our repository, so check out our GitHub, where we talk about how you can do this yourself. Once you have an Ubertooth or Nordic Semiconductor nRF dongle, all you need is Wireshark. You have to compile it from source because we built a custom dissector that will parse all these packets, but you have to build Wireshark from source to be able to do that at this time. That's just how Wireshark is built.

Christine Fossaceca: All right. So now I'm going to talk about the different types of packets. So once you're able to collect those packets, you need to know how to parse them. And Apple has a Bluetooth frame format that shows you how to parse each individual packet. So I thought this is kind of, like, boring. If I went through some individual packets, it might be a lot more clear how these are broken up. So the first thing that you're going to see here is the access address. And this helps to differentiate these packets between classic Bluetooth and Bluetooth low energy. Bluetooth energy packets always have the same access address. So this is static in all of the Bluetooth low-energy packets, and it's always going to be at this 24-byte offset. So because I'm only going to talk to you about Apple-specific information that's being beaconed, we're going to ignore everything before that 'cause that's Bluetooth-related but not specific to Apple.

Christine Fossaceca: The next packet - the next set of bytes is the packet header, which is also not Apple-specific, so just going to skip over that. The next thing is the advertising address. And so I want to talk about this because even though all Bluetooth low-energy devices do have an advertising address, it's actually not the same across devices. So some devices, especially a lot older devices, will usually beacon the same Bluetooth advertising address, which you can think of as a MAC address. 

Christine Fossaceca: So the Bluetooth MAC address used to be static for a lot of devices, which for privacy considerations is terrible because if you're going from coffee shop to your work to the dry cleaner to your home, you don't want the same MAC address connecting or beaconing wherever you are. So Apple has implemented private MAC addresses, and they also have a rule for any devices that want to be a part of the Apple continuity framework. They need to cycle their MAC addresses every 15 minutes for privacy. So you can see that when you capture the packet because the advertising address is sent in the clear. It has to be. It's part of the protocol. 

Christine Fossaceca: So the advertising address is stored in reverse byte endian order. So I just wanted to show that to you. So if you are collecting this and you want to make modifications to the parser, just be aware of the endianness. So the next set of bytes can get a little bit tricky when you're doing parsing because there's an optional field. So that blue field is optional. So we're going to skip over that and go two fields further to the manufacturing field because once we find the manufacturing field, then we can figure out if the optional field is there or not. 

Christine Fossaceca: So in Bluetooth low energy, because it's utilized by so many different companies, there's actually a byte field FF that's in these packets saying, hey, manufacturer-specific data is coming, and then the next two bytes after FF are the company code of whatever company is generating that traffic. So Apple's is 004C, so you'll always see - byte order's reversed - but you'll always see in an Apple Bluetooth packet FF4C00. And then you know that's an Apple packet. I want to warn you - remember I said earlier that these packets can be mimicked or produced by other Bluetooth devices. So even though all Apple devices should be getting that three-byte string, if you see other devices on your capture that are saying they're Apple, that doesn't mean that they're actually Apple. 

Christine Fossaceca: So in the first packet, there's only one byte before that. So there is no optional field. And that's giving you the length of all the succeeding bytes to let you know how big the packet is and how to parse it. So there are seven bytes left, so only seven bytes of Apple-specific data here. This one has the optional field. And the optional field is actually Bluetooth-related. It's not Apple-specific. That's why it comes before the company ID. But because there's four bytes there, you can see that it has these two fields there. So this one has 10 bytes of Apple-specific data, and then the last one has 19 bytes of Apple-specific data.

Christine Fossaceca: All right. So now we're getting into the more interesting Apple part. All right. So the next field is the Apple type. So the Apple type will let you know what type of packet it is. So there's three different types we have here. And I created this table for you so that you can see what type the packet is. So it's in hex, but we convert it to decimal. And the reason why we do this is Apple's documentation and the - if you reverse engineer some of the binaries related to this, it actually has it in decimals. So I always think of the codes in decimal. But then when you parse the packets themselves, you'll see it in hex. So I - it's helpful to know the conversions because you might see a type that you think you've never seen before if you don't know the conversions 'cause you'll - as an example, for Find My. Find My is type 18. So when you check some of the log messages, you'll see, oh, type 18 was captured. But then in the packets, it's actually 12 because that is in hex.

Christine Fossaceca: So something else also, we discovered Find My messaging before it was formally introduced - and that's really thanks to Sam Teplov, who gave the previous presentation on how to build this dissector. So Sam was updating the continuity dissector for a later version of Wireshark, and he suddenly started noticing, hey, there's this new message type I've never seen before. What is this? And that led us to, like, a reverse engineering rabbit hole where we realized that Apple was doing this offline location finding with these Bluetooth messages. So this is finding the AirTag framework before AirTags actually existed. And that helped us build our "Who Tracks the Trackers" paper that we published last year.

Christine Fossaceca: The next type of message is type 10 hex, 16 in decimal, and that's a Nearby message. And I'm going to get into a lot of the pattern-of-life information that is leaked when you're using a Nearby message. (Inaudible) is the hex C, decimal 12, which is the Handoff message. And Handoff is those features like shared clipboard, continuous browsing, things like that. 

Christine Fossaceca: So let's start with the Nearby packet in more detail. So after type, there's another length field because it's telling you, what are the Apple-specific bytes with Apple-specific data? And so you might be thinking, well, what about the other three bytes? And that is the cyclic redundancy check. So the last three bytes of every one of these packets is CRC. So how much information can really be held in only five bytes? Well, if you split it to the bit level, a lot. So in the first byte, you have a reserve bit. And so this is - anytime you see reserve, that means reserved for future use. So that's information Apple can assign later in the specification. So there's a bit for if your AirDrop is on or off. There's a bit for primary iCloud account. 

Christine Fossaceca: And so this is something that's related to how continuity works. So when you think about it, continuity is for a seamless experience between devices. But if you only have one device, then you don't need to use continuity. And that's something that we discovered when we were doing a lot of this testing. If you have a brand-new MacBook or iPhone and you have a brand-new Apple ID and you log in with that Apple ID to your MacBook and you put it in a Faraday cage, you will see nothing - radio silence - like, because it's not connected to any other account. But the moment that you connect that Apple ID to another Apple device, suddenly you'll be able to see all these Bluetooth messages beaconing. And that's because continuity has been activated. So if you're trying to avoid continuity messaging, that's one way to avoid it is to not have your Apple ID on multiple devices. So primary iCloud is - the first device that's logged in with that Apple ID becomes the primary iCloud account. And so that's what that bit means. 

Christine Fossaceca: Then the pattern-of-life information is really contained in these action codes. So there's tons of different action codes related to what a user is doing with their device. For example, if you're in a phone call or on FaceTime, your phone will start beaconing message type 14. If you are watching a YouTube video, then you will see action code 9. If you're streaming "HerHax Podcast" while you work out, you will see action code 5. So there's a lot of things that seem like they might be innocuous, so maybe it, like, doesn't really matter. But this can come into play if somebody is a bad actor or stalking you in some way because then suddenly they know what you're doing. Like, if I'm watching somebody in a cafe and I really want to steal their phone, as a malicious person, I want to steal their phone when it's unlocked so that I can remove the Apple ID and resell it. You cannot do that if their phone is locked. So things like that are really important. 

Christine Fossaceca: We did disclose this to Apple, and so in some later versions of iOS, for sensitive activities, they did start beaconing action code 2 because I guess they couldn't turn off the beaconing. And so now it's activity reporting disabled. So I guess your phone is just saying, hey, I'm not going to tell you anything at this time. So that was just one byte. The next byte gives information about the other continuity features you have, like auto-unlock with Face ID, auto-unlock with Apple Watch, if your watch is locked, if there's an auth tag present, reserved, Wi-Fi on or off, if the auth tag is four bytes and if your AirPods are connected or not or if you have AirPods that I, as the bad actor, want to steal. So the auth tag is here, and you can see that it's - the four-byte auth tag bit is zero, so that means that there's a three-byte auth tag. So auth tags are part of the AES-GCM specification for message authentication.

Christine Fossaceca: And so something that we did disclose to Apple which they could fix was there was some privacy lost with the original implementation because, like I said before, those MAC addresses are supposed to be rotating every 15 minutes so that when you go from work to the coffee shop to dry cleaner, your Bluetooth ID is not being beaconed everywhere. Well, when the advertising address was rolling over, the auth tags were not rolling over. So that was a problem because that meant that you could correlate the new advertising address with the old advertising address. So privacy was lost. So Apple did fix that when we disclosed. 

Christine Fossaceca: The next type of message is Handoff. So this is length 14. And that's because the last three bytes are CRC. Let's break these down - cut or copy performed because, remember, shared clipboard, things like that. Then there's the nonce. Then there's an auth tag for AES-GCM and an encrypted payload. So you might be thinking, oh, this is great. Like, they do use some encryption. Not everything is being passed in the clear, and that is great. So I love that about Handoff messages. But something else that we had to disclose to Apple was that their nonces were sequential. So even though this doesn't compromise confidentiality of the data, it is an information disclosure issue, because now I can correlate two parties that are communicating with each other with these sequential nonces. Apple did fix it. I think. 

Christine Fossaceca: The next type of message is proximity pairing, and this is the information that's being beaconed from your AirPods. So that has a pretty long length because it has a lot of information to send. First, there's just a prefix message saying, hey, this is the beginning of AirPod data. Then we have device model information. We also have status codes. So sometimes these can be functional 'cause, you know, I really like the feature of AirPods where, if somebody taps me on the shoulder, I can take one AirPod out of my ear, and it will automatically pause my audio - so great. But I kind of wonder, like - I know it's functional, but does it have to be sent in the clear because it's very granular, so it goes so deep as, oh, the right AirPod is in my ear, and the left one is out of the case and not in my ear but not in the case? Like, that is a lot of information. So I'm going to demonstrate that later. 

Christine Fossaceca: It also gives battery levels because your AirPods are actually, like, three separate things. So each - left, right, and the case - has their own advertising IDs, and then they charge separately, so the battery statuses are independent, and then there's - whether each of them is charging is also independently monitored. There's also something called the lid open count. And so this was actually discovered in the "Discontinued Privacy" paper and disclosed to Apple, which was University of Lyon in France. They found that every time you - I almost dropped the Ubertooth - every time you flip open your AirPods, it keeps track of that. And that's a problem because any time you have static data following you or connected to you and being beaconed in the clear, again, that's a privacy loss because the advertising ID rotating is supposed to prevent people from being able to track you from place to place but - and it was also, like, sequential. So somebody could use that against you. So they disclosed that to Apple, and now everyone's is just one.

Christine Fossaceca: So also device color - again, the thief in the cafe - you can see from here that I have a white iPhone, but, like, maybe I really want that rose gold iPhone. The problem is everyone has cases now, so I can't really know which phone I'm stealing. But if I see that there's a rose gold iPhone and it's telling me, hey, someone has one AirPod in their left ear, suddenly I know exactly who to target. So I just have to wait for their phone to be unlocked, and then I can swipe the exact one that I want. And then that's the end of the AirPods packet. The rest of it is encrypted data. So there is some stuff encrypted. So luckily, everything you're listening to is being encrypted and then the CRC. All right, so this part - please turn off your Bluetooth, please. Otherwise, this won't work. Also, if you have AirPods, please take them out of your ears and put them both in the case because I will see them, and I will find you. 

(LAUGHTER) 

Christine Fossaceca: All right. So let's see if this demo works. 

Unidentified Person: What about your watch? Does your watch beacon out over Bluetooth? 

Christine Fossaceca: It does. 

Unidentified Person: How do you turn off the Bluetooth on your watch? 

Christine Fossaceca: You have to manually turn off your watch. But it's OK. That won't be a big deal. The watch is OK. If you have watches, I think it's OK. It's just the AirPods 'cause my demo is with AirPods. All right, let's see. All right, good, good. So now I'm going to show you my AirPods. And, good, nobody else has their AirPods. So all right. OK. I messed it up. So right now, they're both in the case. Then I'm going to take one out. Which one did I take out? The left - I took out the left. OK. So one is in the case. Put that in my ear, and now it tells you that. And it's going to fall out 'cause this thing - so I'm going to take that one out of the case and just put it down and put this one in my ear. All right, here we go. All right, there we go - right in ear, left out of case. So I'm going to put this one back so I don't lose it. So - and you guys can see that, too, so pretty crazy. 

Christine Fossaceca: All right, so we're not done. That was intermission, like I said. So now I'm going to talk to you about the AirTag, because AirTags also are on the continuity protocol. You've probably heard a lot about them and how they're used for stalking. So I'm going to now dispel some misinformation and myths around AirTags. But first, because you've seen so many Wireshark packets, we obviously have to parse Find My packets from AirTags themselves. So, again, it's hex 12, type 18. And you'll see here that I have two packets, and they're both the same type, but they have different lengths. So that's a little bit weird 'cause we haven't seen that before. And that's not normal for continuity. But that's because this is a nearby message, and the next one is a separated message. But these are coming from the same AirTag. 

Christine Fossaceca: So I'm going to talk a little bit about the state machine of the AirTag and how it works. When you first buy a new AirTag, out of the box it's in the unpaired state, and like any Bluetooth device, you have to pair it to your device. So once you pair it to your phone, then it gets into these other states. And so the connected state allows for precision finding, which is the ultra-wideband chip. Nearby is Bluetooth only, so that's when your AirTag is in Bluetooth range of the owning device. And then when the AirTag is out of range of the owning device, it goes into the separated state. It basically stays in these three states once it's been paired to a device. So the first one is a very short packet because the AirTag is within range. It's nearby. You know where it is. So it's only two bytes of Apple-specific data. The next one is much longer because that's a lost AirTag or a separated AirTag, so you get a lot more information. And the last is the CRC. 

Christine Fossaceca: So let's break down what these bytes are telling us. More battery information - so this first byte is the battery status. And this is telling you the status of the AirTag. So a lot of the bits are actually still reserved. But there's two bits. The first one is bit two, and that means maintain, and that's if - that you've maintained the connection. So this bit will be flipped when we go into the separated state. But when the AirTag is near the owner, you'll see it as a one. The next bit is the tracking bit. And so this is saying to Apple's anti-tracking framework, hey, this device needs to be added to our anti-tracking framework because we've seen this advertising address, and we need to make sure that we don't see this advertising address later somewhere down the line. So then the last two are the battery bits. And so the battery status is just letting you know whether or not your AirTag is going to die. So you can see I had a brand-new AirTag, so the battery's full, but those bits do increment as the battery gets lower and lower. 

Christine Fossaceca: So the next byte, I'm going to get into later, but these are the public-key bits. And so this byte only has - the very low two bits are the public-key bits, and then everything else has not been allocated yet. So the next byte is a separated byte, and that's 25 bytes of Apple-specific data - or the next packet, not next byte. All right. So, again, battery status - this is the same exact AirTag, so everything is basically the same batterywise - battery's still full. But you can see that maintained bit was disconnected - or the maintained bit flipped because we disconnected. So the next few bytes are the public key, and I'm going to get into this. Don't worry. But it's bytes six through 27 of some public key that I keep referencing. Those public-key bits are the next byte. And then there's a hint byte, which is also related to the public key. 

Christine Fossaceca: So I've been saying public key a lot, and you probably feel like you're in a class where, like, you missed something or the professor didn't explain something enough ahead of time. And so I'm going to do that now. So now I will demystify the public key. So this slide - you can't see it, but it says Find My in five minutes, so hopefully Find My in five minutes or less. So remember, AirTags don't have GPS, so how are they able to find your stuff if you lose it? Well, encryption 101 tells us that if I have a public key, I can give you that public key, and you can use that to encrypt any information that you want to send to me, and then I can use my private key to decrypt it and pull it down later. So AirTags will leverage that, because they don't have GPS, but hey, they have Bluetooth. 

Christine Fossaceca: So they will beacon some public key. And this is just, like, a notional public key. We're going to break it down. But it's part of P-224 Elliptic Curve Encryption. So it's actually a 28-byte key. And if anybody is, like, a cryptographer in this room, I know it's technically the X coordinate on the elliptic curve, but, you know, just - public key right now, OK? So it's beaconing a public key. So you have an AirTag, and it is beaconing this public key. Well, there's devices around that can receive that public key. And those are called finder devices. So any Apple device is a finder device. So your iPhone might see this public key out in the wild. And so they will receive that. And they say, hey, I have a GPS, so I'm going to lend out my GPS to this public key. They take their time stamp, their location, and then they encrypt it with that public key, and they send it to the Apple server. Then later, the owner of the AirTag can download and unlock those locations with their private key. So that's how the crowdsourcing, offline-finding ecosystem works.

Christine Fossaceca: So where is this public key coming from? So we're going to start with that hint byte, because remember, the separated packet only had 25 Apple-specific data bytes to leverage, but we have a 28-byte key. So how can we get all 28 bytes into 25 bytes? Doesn't make sense. So the first thing that I want to address here is the hint byte. We still actually don't know why this is here. The hint byte is always going to match up to this byte. It's the same in every single packet. I don't know why it's there, but that byte specifically is important because that is bytes zero through five of the public key. What's also interesting about this is these bytes are also the advertising address. So remember, Apple only has 25 Apple-specific bytes. And you can see in this packet - I don't know if you can see my cursor - oh, yeah - this data is being beaconed before the Apple-specific information. 

Christine Fossaceca: So what they decided to do was - OK, we can control the advertising address, so we are going to use the advertising address, and instead of beaconing completely random information for the advertising address, we're going to beacon the first five bits of that public key. So every time they generate an - oh, yeah, forgot to mention this. So in P-224 or in other elliptic curve encryption, one of the features is that you have one private key but multiple public keys. So because you can calculate multiple public keys, that will allow you to preserve privacy, continue rotating that Bluetooth advertising ID by using different keys that you've calculated on the curve. So that's how that works. 

Christine Fossaceca: So the next - so that, remember the six through 27 bytes - that's the rest of the public key. So the rest of the public key is being beaconed in the Apple-specific data section. So that's how they get around their size limitations, except remember, they're beaconing this information in a non-Apple-specific part of the packet, and this part of the packet has to be used for the advertising ID. Unfortunately, in the advertising ID protocol, because it has to be a private Bluetooth MAC address or a private advertising ID, there's a rule where the first two bits have to be 1-1. Now, I guess technically, they could try and traverse all of the keys after they calculate them and only pull out the ones that have bits that satisfy this requirement, but that sounds, like, super hard and annoying and probably not optimized. So instead they use the public key bits to help store those and recalculate it later. 

Christine Fossaceca: So we're going to take - this is the first. And remember, it's the advertising address, so reverse endian order. So we're going to take D9, and we're going to replace the first two bits with what the real first two bits are, which are being stored in the public key bits. So remember, it was only those lower two bits. So it was two. And it's literally a one-zero. So it's just a drop and replace. So that bit becomes a nine - or that byte becomes nine from D. So that's the real public key. So when we do this, because it's reverse order - so first replace this with the correct public key bits, and then reverse endian order for this because the advertising ID is reverse endian order, but then everything else is being beaconed in the correct order. So it's important to know how to parse it so that you can get the correct public key. All right, so now you have the final public key. So that's how that works. And that's how you can parse the public keys. That's how your - the finding devices are pared from the public key so that they can encrypt the location information and send it to Apple.

Christine Fossaceca: So now I want to dispel some of the myths and talk about some of the truths about AirTag stalking. So the first thing is Find My is an app that you buy from the App Store. And that's not true. So a lot of us in this room probably know that. Find My is something shipped native to Apple. But because of all of the stalking articles that have been coming out over the past year and a half, there's a lot of malicious companies that have been producing apps in the app store for both Android and iOS called Find My. And they cost money. And I think they're trying to leverage the kind of hysteria over tracking and trying to basically profit off of it. So if you see an app in the app store that's, like, Find My with Apple - if it's not made by Apple - and it won't be because it's - Apple's is already shipped - it's not real. So make sure you tell your family and friends like, hey, you don't need to download Find My for me to share my location with you. You should have it if you have an iPhone - similar actually to AirTags. There's a lot of fake AirTag tracking apps that try to charge you money and say they can detect AirTags and stuff, but you don't have to do that because it's built in. 

Christine Fossaceca: So this one is a big one - turning off your Bluetooth as a way to protect you. And I know a lot of people in this room and in our field - if you go to DEFCON, like, you're turning off your Bluetooth, and you're turning off your Wi-Fi. But for this specific use case, that's actually a problem. And that's because when you turn off your Bluetooth, you're turning off Apple's anti-tracking framework. So you're not able to collect any of the information about a device that may be tracking you because it needs to be able to collect information from an AirTag that might be in your pocket. And you might be thinking, but if I turn off my Bluetooth, then my device won't receive that packet. It won't encrypt its location and send it over to Apple. So I should turn off my Bluetooth. 

Christine Fossaceca: The problem is that if you walk into a bar - except maybe not this one 'cause I told everyone to turn off their Bluetooth - your device won't be reporting your location, but everyone's devices around you will. So that's the problem, especially if you work in an office or if you live in an apartment or people in your family have iPhones. You can't know that their Bluetooth is always going to be off, so that's where the tracking - the anti-tracking framework becomes really important because if you are going to your office and then to the coffee shop and then to a bar and then to your home, other people's devices will be telling Apple where your device is. And then the AirTag owner can pull down that information, but you yourself will not get any of the anti-tracking notifications that Apple has implemented. These - Apple is acutely aware of this. And basically, ever since they released Find My, they have been trying to make modifications to fix this. 

Christine Fossaceca: So you might also be thinking, oh, but even if I have my Bluetooth on, I have an Android, so there's no way for me to protect myself. But because Apple is aware of this problem, they also created an app called Tracker Detect, which has their anti-tracking framework in an app for Android devices. There's also another app. So TU Darmstadt actually released this, and I think it's better than the Apple one. It's called AirGuard - also free. Both of these apps are free. You should never pay for anything, OK? So AirGuard will let you detect not only Apple devices but also Tiles and other different types of Bluetooth trackers. And so I love that it has parsing for that because Apple's only detecting AirTags. And then Tracker - AirGuard will let you send a beacon out. And you can actually make the AirTag beep that you found near you. So it's very, very helpful because you can more easily find them. Tracker Detect has that feature. But I found that it did not work as well, so. 

Christine Fossaceca: The last myth is only AirTags can stalk you. So there are other devices that other manufacturers make. But we did publish, in our paper, how to create different tags using some - using the Puck.js. And it - basically, after reverse-engineering the protocol, we showed that you can mimic this information, you can ride the Apple framework, and you don't have to be an AirTag to leverage that crowdsourced finding network. So I know it's, like, Halloween. I'm not trying to scare anybody. Like, it - there are other devices that can do these things. And there's other devices that can leverage the Apple framework, and those will not trigger Apple's anti-tracking framework because they're not Apple devices. 

Christine Fossaceca: So we felt pretty strongly about that, so we actually did some research as a FuriousMAC team, and we're presenting in a couple months at the PETS Symposium. So we developed the Blind My protocol, which is a more robust way for devices to be put onto the Find My framework. And it will prevent arbitrary devices from joining Apple's continuity network and leveraging the finding protocol so that - because our idea is that, well, if other devices can't leverage this, then they can't use Apple to track you because that's basically what malicious devices are able to do. All right. So that is it. Thank you. I think - I don't know if we do questions here, but - can I grab some water? 

Unidentified Person #1: Any questions? Anybody have any questions for Christine? 

Unidentified Person #2: I did have one. You mentioned that you could potentially spoof things. Could you spoof the location of a device that's, let's say, (inaudible) somebody or somewhere, for example? 

Christine Fossaceca: OK, so I am going to repeat the question - I'm trying to be a good speaker. So that was a very good question. So the question was, can you spoof the location? And the answer is yes. So the way that the Find My framework works is it's relying on the finding device. So it's all - it all depends on if the finding device is giving a reliable location. The finder information is in the searchparty binary, which is Apple's corollary binary to locationd. And it's doing this Find My protocol. And so locationd - locationd collects your location, sends that over in an ECIES message to searchparty. And then searchparty will send that over to Apple. 

Christine Fossaceca: But if you're able to hook that process - or change the location information because it's just a lat-long - it is possible to spoof that location because Apple is doing everything anonymously. So they're just receiving your encrypted information and sending your encrypted information back out. They're just basically acting as a - as like a C2 channel. So people - somebody actually wrote a paper on using Find My for a covert channel. And if you change the contents of that encrypted packet, you can change it because the person pulling it down doesn't know. All they have is what they decrypt. They don't - there's no, like, authentication on that. So great question. Yes? 

Unidentified Person #3: You said that if you turn Bluetooth off and other phones around it can still locate it - and maybe I missed it - but what is the primary way nearby devices are locating other phones that have Bluetooth on? 

Christine Fossaceca: OK. So the question was - so if you turn your Bluetooth - can you - sorry, can you repeat that? 

Unidentified Person #3: You said that you should keep Bluetooth on for the anti-tracking technologies. 

Christine Fossaceca: Yes. 

Unidentified Person #3: If you turn it off, you said that other devices could locate it and report it up anyway. How is that Apple primarily locating your devices with Bluetooth off? 

Christine Fossaceca: Oh, I see. So that is a good question. If your Bluetooth is off, Apple can't, like, it won't participate in Find My. So the question was, I recommend keeping your Bluetooth on so that you can participate in anti-tracking. But how can Apple find devices that have Bluetooth off? And they can't. So for AirTags as an example, if you somehow disabled the Bluetooth in an AirTag, it would no longer be able to locate because it really relies on Bluetooth. So it does have an ultra-wideband chip for precision finding, but that's like within a few feet. So if you turn your Bluetooth off, you won't be able to leverage Find My and find that lost device. So yeah, that's a really good question. So Apple recently has implemented that when you turn your phone off, it's supposed to act like an AirTag basically, so that you can do offline finding. But if your phone is not connected to the internet, it - all it has is that Bluetooth to rely on and so, yeah, that's a good question. 

Unidentified Person #4: My thought if your Bluetooth is off, your phone is still connected to cellular networks - I bet they're able to find you that way. 

Christine Fossaceca: Yes, that would be the only way. But, like, an AirTag does not have a cellular connection or GPS, so AirTags you absolutely cannot find. So with your phone, if you turn your Bluetooth off, they still do have that. But when you turn your phone off, Apple has implemented the ability for your phone to still be getting Bluetooth messages if you want that. 

Unidentified Person #4: Even if it's in the wrong position... 

Christine Fossaceca: So if you turn your Bluetooth off and turn your phone off, then it won't do that. But if you have your Bluetooth on and you - the later versions of iOS have this feature. So it - because they're thinking from a user perspective, oh, this is great. You can find your lost phone because the original implementation of Find My before AirTags came out were for devices that lost cellular or Wi-Fi connectivity because people would lose or maybe their phone got stolen and they wouldn't be able to find them without Wi-Fi. So they kind of copied Tile and did the - used a crowdsourcing method using Bluetooth, if that makes sense. Great questions. All right, I think - oh, there's - all right. There's a question - or another question. You're, like, way in the back. I probably won't be able to hear you. 

Unidentified Person #5: Have you looked at Tile? Because if so (inaudible)... 

Christine Fossaceca: So, that was a great question. It was - oh, sorry, I'm yelling - that was a great question. He asked if I've looked at Tile before. And so I haven't. TU Darmstadt has begun looking into Tile and we are actually hoping to collaborate with them on future research. So TBD. Something may be coming from us soon. I literally just texted somebody from there a couple of weeks ago because we are interested in looking at Tile and other Bluetooth devices. So it's definitely possible. So yeah, TBD. All right. Thank you, everybody. This was really fun. 

(APPLAUSE)
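Editor's note: the public-key reconstruction the speaker walks through earlier in the transcript (six key bytes carried in the random advertising address with the top two bits forced to 1-1, the remaining 22 key bytes in the Apple-specific payload, and the real top two bits stored separately as "public key bits") can be checked with a short parser. The following block is an added example written by the editor, not code from the talk, from FuriousMAC, or from Apple. It assumes the offline-finding advertisement layout as published by the OpenHaystack / "Who Can Find My Devices?" research (company ID 0x004C, message type 0x12, 25-byte payload: status byte, 22 key bytes, public-key-bits byte, hint byte); the sample address and payload below are constructed, not captured. It also includes the reverse direction, building the address and payload from a 28-byte key, so the two can be round-tripped.

```python
"""Reconstruct a 28-byte Find My (offline finding) public key from a BLE
advertisement, and build the advertisement back from a key.

Assumed layout (editor's assumption, from the public OpenHaystack research,
not verified against the talk's slides):
  advertising address (6 bytes, random static, top two bits == 0b11)
      = key[0..5] with key[0]'s top two bits replaced by 0b11
  manufacturer-specific data after the 0xFF AD type byte:
      4C 00   Apple company ID (little-endian 0x004C)
      12      offline finding message type
      19      payload length (25)
      SS      status byte
      22 bytes of key[6..27]
      PP      "public key bits": key[0] >> 6 stored in the low two bits
      HH      hint byte
"""
from dataclasses import dataclass

APPLE_COMPANY_ID = b"\x4c\x00"
OFFLINE_FINDING_TYPE = 0x12
PAYLOAD_LEN = 25
KEY_LEN = 28


@dataclass(frozen=True)
class FindMyAdvert:
    public_key: bytes   # 28-byte P-224 x-coordinate
    status: int
    hint: int


def parse_findmy_advertisement(addr_on_air: bytes, mfg_data: bytes) -> FindMyAdvert:
    """addr_on_air is the address as captured (little-endian / reversed);
    mfg_data starts at the company ID."""
    if len(addr_on_air) != 6:
        raise ValueError("advertising address must be 6 bytes")
    if mfg_data[:2] != APPLE_COMPANY_ID or mfg_data[2] != OFFLINE_FINDING_TYPE:
        raise ValueError("not an Apple offline-finding advertisement")
    length = mfg_data[3]
    payload = mfg_data[4:4 + length]
    if length != PAYLOAD_LEN or len(payload) != PAYLOAD_LEN:
        raise ValueError("unexpected offline-finding payload length")

    status = payload[0]
    key_tail = payload[1:23]            # key[6..27], 22 bytes, sent in order
    key_bits = payload[23] & 0x03       # real top two bits of key[0]
    hint = payload[24]

    addr = bytes(reversed(addr_on_air))  # undo the on-air byte order
    if addr[0] >> 6 != 0b11:
        raise ValueError("address is not a random static address (top bits != 11)")
    # Drop the forced 11 and put the stored bits back: e.g. 0xD9 with bits 0b10 -> 0x99
    first = (addr[0] & 0x3F) | (key_bits << 6)
    key = bytes([first]) + addr[1:] + key_tail
    if len(key) != KEY_LEN:
        raise ValueError("reconstructed key has wrong length")
    return FindMyAdvert(public_key=key, status=status, hint=hint)


def build_findmy_advertisement(public_key: bytes, status: int = 0, hint: int = 0):
    """Inverse of the parser: returns (addr_on_air, mfg_data)."""
    if len(public_key) != KEY_LEN:
        raise ValueError("public key must be 28 bytes")
    addr = bytes([(public_key[0] & 0x3F) | 0xC0]) + public_key[1:6]
    key_bits = public_key[0] >> 6
    payload = (bytes([status]) + public_key[6:28] + bytes([key_bits, hint]))
    mfg_data = APPLE_COMPANY_ID + bytes([OFFLINE_FINDING_TYPE, len(payload)]) + payload
    return bytes(reversed(addr)), mfg_data


# Constructed sample (not a real capture). Real first address byte is 0xD9,
# stored public-key bits are 0b10, so the real key byte is 0x99 as in the talk.
SAMPLE_ADDR_ON_AIR = bytes.fromhex("0504030201d9")
SAMPLE_MFG_DATA = bytes.fromhex(
    "4c00" "12" "19" "00"
    "060708090a0b0c0d0e0f101112131415161718191a1b"   # key[6..27]
    "02"                                             # public key bits = 0b10
    "00"                                             # hint
)


def sample_public_key_hex() -> str:
    return parse_findmy_advertisement(SAMPLE_ADDR_ON_AIR, SAMPLE_MFG_DATA).public_key.hex()


def sample_round_trips() -> bool:
    adv = parse_findmy_advertisement(SAMPLE_ADDR_ON_AIR, SAMPLE_MFG_DATA)
    return build_findmy_advertisement(adv.public_key, adv.status, adv.hint) == (
        SAMPLE_ADDR_ON_AIR, SAMPLE_MFG_DATA)


if __name__ == "__main__":
    print(sample_public_key_hex())   # 990102030405060708...1b
    print(sample_round_trips())      # True
```

The parser deliberately rejects an address whose top two bits are not 1-1 and a payload of the wrong length, which is the check a finder would want before treating the bytes as a P-224 point; it does not validate that the 28 bytes are a valid curve x-coordinate, which a real finder would do before ECIES-encrypting a location to it.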