it just (net)works - hack in the box security...
TRANSCRIPT
![Page 1: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/1.jpg)
It Just (Net)worksThe Truth About iOS'
Multipeer Connectivity Framework
Alban Diquet!@nabla_c0d3
HITB 2014 Malaysia
![Page 2: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/2.jpg)
About me
• iOS Security Researcher at Data Theorem
• Before: Principal Security Consultant at iSEC Partners
• Led iSEC Partners’ audit of Cryptocat iOS
• Tools: SSLyze, Introspy, iOS SSL Kill Switch
2
![Page 3: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/3.jpg)
Agenda
• What is Multipeer Connectivity?
• Quick intro to the MC API
• Reversing the MC protocol(s)
• Security analysis of MC
3
![Page 4: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/4.jpg)
What is Multipeer Connectivity?
4
![Page 5: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/5.jpg)
5
Multipeer Connectivity
![Page 6: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/6.jpg)
Multipeer Connectivity
• Audibly: Stream songs to other devices
• iTranslate Voice: “AirTranslate”
• FireChat: Anonymous “off-the-grid“ chat
• Tons of possible use cases: collaborative editing, file sharing, multiplayer gaming, etc.
6
![Page 7: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/7.jpg)
Demo
7
![Page 8: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/8.jpg)
Motivation
8
![Page 9: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/9.jpg)
Quick intro to the MC API
9
![Page 10: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/10.jpg)
MC API• 1. Discovery phase: Establish a session!
• Per-App service name (“og-firechat” for FireChat)
• The App can browse for nearby peers advertising the MC service
• And then send an invitation to discovered peers
• The App can advertise its own local MC service to nearby peers
• And then accept or reject invitations from other peers
10
![Page 11: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/11.jpg)
• 2. Session phase: Exchange data!
• A session can be established after one or multiple peers accepted a pairing invitation:
• The App can then exchange data with these peers:
MC API
11
![Page 12: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/12.jpg)
• 2. Session phase: Exchange data!
• A session can be established after one or multiple peers accepted a pairing invitation:
• The App can then exchange data with these peers:
MC API
12
![Page 13: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/13.jpg)
Demo
13
![Page 14: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/14.jpg)
• The App can specify an encryptionPreference
• Three encryption levels:
• No further explanation in the documentation
MC API - Encryption
14
![Page 15: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/15.jpg)
• The App can specify a securityIdentity
• A "security identity" is an X509 certificate and the corresponding private key
• The peer’s identify when pairing with other peers
• A callback has to be implemented for validating other peers’ certificates/identities during pairing:
MC API - Authentication
15
![Page 16: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/16.jpg)
MC API - Peer Management• How MC sessions get established
• “Automated"/default peer management
• Invite prompt before pairing:
• "Manual" peer management
• Developers can customize how pairing is done
• Fully transparent pairing (ie. no user prompts) can be implemented
16
![Page 17: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/17.jpg)
MC API - Security• Peer Management!
• Automated or Manual
• Encryption!
• None, Optional or Required
• Authentication!
• Enabled or Disabled17
![Page 18: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/18.jpg)
Reversing the MC protocol(s)
18
![Page 19: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/19.jpg)
Test Setup• Macbook in WiFi Access Point mode +
Wireshark
• Sample MC App with default MC settings
• Two devices:
• iPad Air with Bluetooth disabled
• iOS Simulator
19
![Page 20: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/20.jpg)
20
![Page 21: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/21.jpg)
21
![Page 22: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/22.jpg)
22
A B
![Page 23: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/23.jpg)
23
??? over TCP!!
STUN / ICE!
Bonjour!!
A B
??? over UDP!!
![Page 24: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/24.jpg)
24
??? over TCP!!
STUN / ICE!
Bonjour!!
A B
??? over UDP!!
![Page 25: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/25.jpg)
25
??? over TCP!!
STUN / ICE!
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A B
??? over UDP!!
![Page 26: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/26.jpg)
26
??? over TCP!!
STUN / ICE!
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A B
??? over UDP!!
![Page 27: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/27.jpg)
27
![Page 28: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/28.jpg)
28
![Page 29: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/29.jpg)
Mystery Protocol #1• Peer connects to the other peer over TCP
• Each peer sends their “PeerID” first
• (random) “idString” + device name
• For example: ”ory2g6r8fkq+iPhone Simulator”
• Three plists are then exchanged
29
![Page 30: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/30.jpg)
30
A B
![Page 31: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/31.jpg)
31
A B
![Page 32: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/32.jpg)
32
A B
![Page 33: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/33.jpg)
33
A
![Page 34: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/34.jpg)
34
A B
![Page 35: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/35.jpg)
35
A B
![Page 36: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/36.jpg)
36
A B
![Page 37: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/37.jpg)
37
A B
![Page 38: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/38.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
38
![Page 39: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/39.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
39
• The peer’s security settings as bit fields:
• Encryption level (optional = X00, none = X10, required = X01 )
• Whether authentication is enabled (yes = 1XX, no = 0XX)
• Only the settings; no X509 certificate/identity yet
![Page 40: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/40.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
40
• Then a list of local "candidate" IP addresses and port numbers
!
!
![Page 41: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/41.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
41
• Then a list of local "candidate" IP addresses and port numbers
• 192.168.1.8
!
![Page 42: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/42.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
42
• Then a list of local "candidate" IP addresses and port numbers
• 192.168.1.8
• 169.254.234.105
• Etc…
![Page 43: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/43.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
43
• Then some kind of IDs (according to debug logs)?
!
![Page 44: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/44.jpg)
Mystery Protocol #1• Each peer exchanges their MCNearbyConnectionDataKey
• Main "payload" of the protocol; briefly mentioned as “connection data” in the documentation
44
• Then some kind of IDs (according to debug logs)?
• 6F7D4FE3, etc…
![Page 45: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/45.jpg)
45
GCK1 over TCP!Exchange peer names, security options
and "candidate" UDP sockets
STUN / ICE!
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A B
??? over UDP!!
![Page 46: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/46.jpg)
46
STUN / ICE!
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A BGCK1 over TCP!
Exchange peer names, security options and "candidate" UDP sockets
??? over UDP!!
![Page 47: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/47.jpg)
Interactive Connectivy Establishement
47
com.apple.MultipeerConnectivity: GK START ICE check with peer 317456B5com.apple.ICE: Updated ICEList(829707957) to role (1)com.apple.ICE: Local candidate(1/3): ID[07FEE53F00000000] [192.168.2.2:16402]com.apple.ICE: Local candidate(2/3): ID[4348FA0000000000] [[fe80::29:203:1454:aa5a%en0]:16402]com.apple.ICE: Local candidate(3/3): ID[3904EA8D00000000] [[fe80::ecf1:14ff:fe49:d55a%awdl0]:16402]com.apple.ICE: Remote candidate(1/3): ID[6F7D4FE300000000] [192.168.1.8:16401]com.apple.ICE: Remote candidate(2/3): ID[6474621200000000] [169.254.234.105:16401]com.apple.ICE: Remote candidate(3/3): ID[45A87A1400000000] [192.168.2.1:16401]com.apple.ICE: ICEStartConnectivityCheck(id[local:829707957 remote:1350514450] count[local:3 remote:3]com.apple.ICE: [CHECKPOINT] connectivity-check-thread-startedcom.apple.ICE: event 192.168.2.2:16402->192.168.1.8:16401 expires 210041.818916com.apple.ICE: ** BINDING_REQUEST [00018674C3972B2DC739DF77] from [192.168.1.8:16401] USERNAME [07FEE53F.00000000.1-6F7D4FE3.00000000.1]com.apple.ICE: Remote ICE Version: 109com.apple.ICE: OLD STATE(TESTING)->NEW STATE(TESTING)com.apple.MultipeerConnectivity: send udp packet from 192.168.2.2:16402 to 192.168.1.8:16401 ...
![Page 48: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/48.jpg)
48
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A BGCK1 over TCP!
Exchange peer names, security options and "candidate" UDP sockets
??? over UDP!!
![Page 49: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/49.jpg)
49
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A BGCK1 over TCP!
Exchange peer names, security options and "candidate" UDP sockets
??? over UDP!!
![Page 50: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/50.jpg)
Mystery Protocol #2
50
![Page 51: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/51.jpg)
Mystery Protocol #2
51
![Page 52: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/52.jpg)
Mystery Protocol #2• It’s the protocol used when App data is being exchanged
• Not plaintext… but Wireshark doesn’t know what it is
• Clues:
•
•
52
![Page 53: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/53.jpg)
Mystery Protocol #2• It’s the protocol used when App data is being exchanged
• Not plaintext… but Wireshark doesn’t know what it is
• Clues:
• Authentication in the MC API relies on X509 certificates
•
53
![Page 54: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/54.jpg)
Mystery Protocol #2• It’s the protocol used when App data is being exchanged
• Not plaintext… but Wireshark doesn’t know what it is
• Clues:
• Authentication in the MC API relies on X509 certificates
• When setting a breakpoint on SSLHandshake(), it does get triggered…
54
![Page 55: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/55.jpg)
Mystery Protocol #2• It’s the protocol used when App data is being exchanged
• Not plaintext… but Wireshark doesn’t know what it is
• Clues:
• Authentication in the MC API relies on X509 certificates
• When setting a breakpoint on SSLHandshake(), it does get triggered…
55
![Page 56: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/56.jpg)
56
Mystery Protocol #2
openssl s_client -dtls1 -connect someserver:443
![Page 57: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/57.jpg)
57
Mystery Protocol #2
openssl s_client -dtls1 -connect someserver:443
![Page 58: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/58.jpg)
58
Mystery Protocol #2
openssl s_client -dtls1 -connect someserver:443
![Page 59: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/59.jpg)
Pro Packet Trace Editing
59
![Page 60: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/60.jpg)
Pro Packet Trace Editing
60
• Success!
![Page 61: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/61.jpg)
Mystery Protocol #2
61
• DTLS 1.0 with the byte 0xd0 appended to every DTLS record
• _gckSessionRecvMessage()
• Inside the DTLS stream:
• Simple plaintext protocol
• The other peer’s PeerID + App data/messages
![Page 62: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/62.jpg)
62
GCK2 over UDP!Perform DTLS handshake, check the other
peer’s identity, exchange data
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
A BGCK1 over TCP!
Exchange peer names, security options and "candidate" UDP sockets
![Page 63: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/63.jpg)
63
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
GCK1 over TCP!Exchange peer names, security options
and network information
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
Discovery Phase
GCK2 over UDP!Perform DTLS handshake, check the other
peer’s identity, exchange dataSession Phase
A B
![Page 64: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/64.jpg)
Security Analysis of Multipeer Connectivity
64
![Page 65: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/65.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication
With Authentication
65
![Page 66: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/66.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication
With Authentication
66
![Page 67: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/67.jpg)
MC Security Analysis• MCEncryptionRequired With Authentication:
DTLS with mutual authentication
• Each peer sends their certificate and validate the other side’s certificate
• RSA & EC-DSA TLS Cipher Suites
• 30 cipher suites supported in total including PFS cipher suites.!
• In practice, TLS_RSA_WITH_AES_256_CBC_SHA256 is always negotiated, which doesn’t provide PFS
67
![Page 68: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/68.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication
With Authentication No PFS
68
![Page 69: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/69.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication
With Authentication No PFS
69
![Page 70: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/70.jpg)
MC Security Analysis• MCEncryptionRequired Without Authentication:
DTLS with Anonymous TLS Cipher Suites
• No certificates exchanged
• “Anon" AES TLS cipher suites:
• TLS_DH_anon_WITH_AES_128_CBC_SHA, TLS_DH_anon_WITH_AES_256_CBC_SHA, TLS_DH_anon_WITH_AES_128_CBC_SHA256, TLS_DH_anon_WITH_AES_256_CBC_SHA256
70
![Page 71: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/71.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication MiTM
With Authentication No PFS
71
![Page 72: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/72.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication MiTM
With Authentication No PFS
72
![Page 73: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/73.jpg)
MC Security Analysis
• MCEncryptionNone Without Authentication: No DTLS - Plaintext GCK2 protocol
73
![Page 74: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/74.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MiTM
With Authentication No PFS
74
![Page 75: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/75.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MiTM
With Authentication No PFS
75
![Page 76: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/76.jpg)
MC Security Analysis• MCEncryptionNone With Authentication:
DTLS with mutual authentication
• Each peer send their certificate and validate the other side’s certificate
• Plaintext / “No Encryption” TLS Cipher Suites!
• TLS_RSA_WITH_NULL_SHA ,TLS_RSA_WITH_NULL_SHA256
76
![Page 77: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/77.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MiTM
With Authentication Plaintext No PFS
77
![Page 78: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/78.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MiTM
With Authentication Plaintext No PFS
78
![Page 79: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/79.jpg)
MC Security Analysis• MCEncryptionOptional Without Authentication!
• ”The session prefers to use encryption, but will accept unencrypted connections”
79
![Page 80: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/80.jpg)
Conclusion
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext No PFS
80
![Page 81: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/81.jpg)
Conclusion
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext No PFS
81
![Page 82: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/82.jpg)
MC Security Analysis• MCEncryptionOptional With Authentication!
• ”The session prefers to use encryption, but will accept unencrypted connections”
• Two peers using MCEncryptionOptional with Authentication should get the same security as MCEncryptionRequired
• Authentication should prevent a man-in-the-middle from tampering with the network traffic
82
![Page 83: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/83.jpg)
83
GCK2 over UDP!Perform DTLS handshake, check the other
peer’s identity, exchange data
STUN / ICE!Perform connectivity checks and find the
best network path to the other peer
Bonjour!Advertise local MC service, discover
nearby devices advertising the MC service
GCK1 over TCP!Exchange peer names, security options
and "candidate" UDP sockets
![Page 84: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/84.jpg)
84
MCEncryptionOptional!Authentication Enabled
MCEncryptionOptional!Authentication Enabled
DTLS with RSA / AES cipher suite
ICE / STUN
Bonjour
• Encrypted & authenticated traffic • Same security as MCEncryptionRequired
![Page 85: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/85.jpg)
85
Bonjour
![Page 86: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/86.jpg)
86
MCEncryptionOptional!Authentication Enabled
Bonjour
![Page 87: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/87.jpg)
87
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
Bonjour
![Page 88: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/88.jpg)
88
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
Bonjour
![Page 89: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/89.jpg)
89
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
ICE / STUN
Bonjour
![Page 90: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/90.jpg)
90
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
MCEncryptionOptional!Authentication Enabled
MCEncryptionNone!Authentication Enabled
DTLS with NULL cipher suite
ICE / STUN
Bonjour
• Plaintext traffic (authenticated)!• No post-auth checks on the
MCEncryption parameters exchanged!• Same security as MCEncryptionNone
![Page 91: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/91.jpg)
MCEncryptionOptional Downgrade Attack
91
![Page 92: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/92.jpg)
MC Security Analysis
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext MitM
(Downgrade) No PFS
92
![Page 93: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/93.jpg)
Conclusion
93
![Page 94: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/94.jpg)
Conclusion• Most security settings work as advertised by the MC
documentation
• Except for MCEncryptionOptional with Authentication
• Some combinations should never be used
• MCEncryptionOptional
• MCEncryptionNone with Authentication
• Only MCEncryptionRequired with Authentication is secure
94
![Page 95: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/95.jpg)
Conclusion
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext MitM
(Downgrade) No PFS
95
![Page 96: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/96.jpg)
Conclusion
MCEncryption None
MCEncryption Optional
MCEncryption Required
Without!Authentication Plaintext MitM MitM
With Authentication Plaintext MitM
(Downgrade) No PFS
96
![Page 97: It Just (Net)works - Hack In The Box Security Conferenceconference.hitb.org/hitbsecconf2014kul/materials/D1T2 - Alban Diqu… · It Just (Net)works The Truth About iOS' Multipeer](https://reader033.vdocuments.site/reader033/viewer/2022060311/5f0acadb7e708231d42d5db2/html5/thumbnails/97.jpg)
Conclusion• Possible improvements to the MC Framework:
• MCEncryptionRequired with Authentication:
• Prioritize Perfect Forward Secrecy TLS Cipher Suites
• MCEncryptionOptional with Authentication:
• Peers should validate security parameters post-authentication to prevent downgrade attacks
• Better: remove MCEncryptionOptional and make MCEncryptionRequired the default setting?
97