Group Publications

2019

Handoff All Your Privacy – A Review of Apple’s Bluetooth Low Energy Continuity Protocol

  • Abstract: We investigate Apple’s Bluetooth Low Energy (BLE) Continuity protocol, designed to support interoperability and communication between iOS and macOS devices, and show that the price for this seamless experience is leakage of identifying information and behavioral data to passive adversaries. First, we reverse engineer numerous Continuity protocol message types and identify data fields that are transmitted unencrypted. We show that Continuity messages are broadcast over BLE in response to actions such as locking and unlocking a device’s screen, copying and pasting information, making and accepting phone calls, and tapping the screen while it is unlocked. Laboratory experiments reveal a significant flaw in the most recent versions of macOS that defeats BLE Media Access Control (MAC) address randomization entirely by causing the public MAC address to be broadcast. We demonstrate that the format and content of Continuity messages can be used to fingerprint the type and Operating System (OS) version of a device, as well as behaviorally profile users. Finally, we show that predictable sequence numbers in these frames can allow an adversary to track Apple devices across space and time, defeating existing anti-tracking techniques such as MAC address randomization.
  • Authors: Jeremy Martin, Douglas Alpuche, Kristina Bodeman, Lamont Brown, Ellis Fenske, Lucas Foppe, Travis Mayberry, Erik C. Rye, Brandon Sipes, and Sam Teplov
  • Publication: Proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2019
  • Link: Local, Publication

2018

Exploiting TLS Client Authentication for Widespread User Tracking

  • Abstract: TLS, and SSL before it, has long supported the option for clients to authenticate to servers using their own certificates, but this capability has not been widely used. However, with the development of its Push Notification Service, Apple has deployed this technology on millions of devices for the first time. Wachs et al. determined iOS client certificates could be used by passive network adversaries to track individual devices across the internet. Subsequently, Apple has patched their software to fix this vulnerability. We show these countermeasures are not effective by demonstrating three novel active attacks against TLS Client Certificate Authentication that are successful despite the defenses. Additionally, we show these attacks work against all known instances of TLS Client Certificate Authentication, including smart cards like those widely deployed by the Estonian government as part of their Digital ID program. Our attacks include in-path man-in-the-middle versions as well as a more powerful on-path attack that can be carried out without full network control.
  • Authors: Lucas Foppe, Jeremy Martin, Travis Mayberry, Erik C. Rye, and Lamont Brown
  • Publication: Proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2018
  • Link: Local, Publication

2017

A Study of MAC Address Randomization in Mobile Devices and When it Fails

  • Abstract: Media Access Control (MAC) address randomization is a privacy technique whereby mobile devices rotate through random hardware addresses in order to prevent observers from singling out their traffic or physical location from other nearby devices. Adoption of this technology, however, has been sporadic and varied across device manufacturers. In this paper, we present the first wide-scale study of MAC address randomization in the wild, including a detailed breakdown of different randomization techniques by operating system, manufacturer, and model of device. We then identify multiple flaws in these implementations which can be exploited to defeat randomization as performed by existing devices. First, we show that devices commonly make improper use of randomization by sending wireless frames with the true, global address when they should be using a randomized address. We move on to extend the passive identification techniques of Vanhoef et al. to effectively defeat randomization in ∼96% of Android phones. Finally, we identify a previously unknown flaw in the way wireless chipsets handle low-level control frames which applies to 100% of devices we tested. This flaw permits an active attack that can be used under certain circumstances to track any existing wireless device.
  • Authors: Jeremy Martin, Travis Mayberry, Collin Donahue, Lucas Foppe, Lamont Brown, Chadwick Riggins, Erik C. Rye, and Dane Brown
  • Publication: Proceedings of the Privacy Enhancing Technologies Symposium (PETS), 2017
  • Link: Local, Publication

How Much Privacy Does $3,165 Buy You?

  • Abstract: Security and privacy are frequently linked for good reason; the more specific information an attacker can gather regarding a person or organization, the more devastating or surgical a targeted attack can be. Armed with this knowledge, many individuals and organizations focus too heavily on protecting privacy while under-emphasizing or entirely neglecting actions which will actually make their systems more secure, a practice known as Security through Obscurity. Such is the case with the Institute of Electrical and Electronics Engineers (IEEE) practice of selling private Organizationally Unique Identifier (OUI) registrations to companies. This feature hides the name and personal information of the company that owns an address block in the IEEE public registry. In this paper, we track the adoption of private address allocation over time and attempt to unmask some of the companies behind this veil. We perform a cursory assessment of collected unencrypted frames transmitted by the devices implementing this practice. We identify that ∼86% of observed devices reveal their associated provenance through the content of their unencrypted transmissions, thereby rendering the privacy protection moot. Furthermore, we posit that the practice itself is flawed, inherently drawing unnecessary attention by the public nature of IEEE allocations. Our research reveals the ownership details of private addresses used by critical law enforcement, emergency services, and a variety of physical security systems. The results of our findings have been disclosed with the goal of raising awareness of companies and consumers using products with unsubstantiated security guarantees.
  • Authors: Jeremy Martin, Dane Brown, Kris Merrion, Lamont Brown, and Travis Mayberry
  • Publication: Privacy, Security and Trust 2017 (PST 2017)
  • Link: Local

A Graph-Theoretic Approach to Virtual Access Point Correlation

  • Abstract: The wireless boundaries of networks are becoming increasingly important from a security standpoint as the proliferation of 802.11 WiFi technology increases. Concurrently, the complexity of 802.11 access point implementation is rapidly outpacing the standardization process. The result is that nascent wireless functionality management is left up to the individual provider’s implementation, which creates new vulnerabilities in wireless networks. One such functional improvement to 802.11 is the virtual access point (VAP), a method of broadcasting logically separate networks from the same physical equipment. Network reconnaissance benefits from VAP identification, not only because network topology is a primary aim of such reconnaissance, but because the knowledge that a secure network and an insecure network are both being broadcast from the same physical equipment is tactically relevant information. In this work, we present a novel graph-theoretic approach to VAP identification which leverages a body of research concerned with establishing community structure. We apply our approach to both synthetic data and a large corpus of real-world data to demonstrate its efficacy. In most real-world cases, near-perfect blind identification is possible, highlighting the effectiveness of our proposed VAP identification algorithm.
  • Authors: John Roth, Jeremy Martin, and Travis Mayberry
  • Publication: IEEE Conference on Communications and Network Security
  • Link: Local

2016

Decomposition of MAC Address Structure for Granular Device Inference

  • Abstract: Common among the wide variety of ubiquitous networked devices in modern use is wireless 802.11 connectivity. The MAC addresses of these devices are visible to a passive adversary, thereby presenting security and privacy threats – even when link or application-layer encryption is employed. While it is well-known that the most significant three bytes of a MAC address, the OUI, coarsely identify a device’s manufacturer, we seek to better understand the ways in which the remaining low-order bytes are allocated in practice. From a collection of more than two billion 802.11 frames observed in the wild, we extract device and model information details for over 285K devices, as leaked by various management frames and discovery protocols. From this rich dataset, we characterize overall device populations and densities, vendor address allocation policies and utilization, OUI sharing among manufacturers, discover unique models occurring in multiple OUIs, and map contiguous address blocks to specific devices. Our mapping thus permits fine-grained device type and model predictions for unknown devices solely on the basis of their MAC address. We validate our inferences on both ground-truth data and a third-party dataset, where we obtain high accuracy. Our results empirically demonstrate the extant structure of the low-order MAC bytes due to manufacturers’ sequential allocation policies, and the security and privacy concerns therein.
  • Authors: Jeremy Martin, Erik C. Rye, and Robert Beverly
  • Publication: Proceedings of the Annual Computer Security Applications Conference (ACSAC) - Los Angeles, CA, December 2016
  • Link: Local
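The two MAC-address studies above (the 2017 randomization paper and the 2016 address-structure paper) both rest on the IEEE 802 address-bit conventions: bit 0 of the first octet is the I/G (multicast) bit, bit 1 is the U/L bit, and every randomization scheme produces a locally administered address (U/L set), while a device's true burned-in address is globally unique (U/L clear) and carries its vendor's OUI in the first three octets. The following Python is an added example, not code from either paper or from the group, showing how a passive observer classifies source addresses on those bits, flags a device that mixes randomized and global addresses (the "true, global address when they should be using a randomized address" failure), and builds a crude contiguous-block model map from labelled addresses within one OUI. The frame records, device labels, OUI table, vendor and model names, and labelled addresses are all constructed for the example; a real analysis would use the IEEE OUI registry and a capture.

```python
"""Classify 802.11 source MACs and flag randomization failures (added example).

Constructed data only: the OUI table below is not the IEEE registry, and the
vendor/model names and device labels are placeholders for the example.
"""
from collections import defaultdict

# Constructed OUI table (first three octets -> vendor); not the IEEE registry.
OUI_TABLE = {
    "ac:37:43": "Vendor-X",
    "3c:5a:b4": "Vendor-Y",
}

def parse_mac(mac: str) -> bytes:
    """Parse 'aa:bb:cc:dd:ee:ff' or 'aa-bb-cc-dd-ee-ff' into six bytes."""
    parts = mac.lower().replace("-", ":").split(":")
    if len(parts) != 6:
        raise ValueError(f"not a MAC address: {mac!r}")
    return bytes(int(p, 16) for p in parts)

def is_multicast(mac: str) -> bool:
    """I/G bit: bit 0 of the first octet."""
    return bool(parse_mac(mac)[0] & 0x01)

def is_locally_administered(mac: str) -> bool:
    """U/L bit: bit 1 of the first octet. Randomized addresses have it set."""
    return bool(parse_mac(mac)[0] & 0x02)

def oui(mac: str) -> str:
    """First three octets, normalized to lowercase colon form."""
    return ":".join(f"{b:02x}" for b in parse_mac(mac)[:3])

def classify(mac: str) -> str:
    if is_multicast(mac):
        return "multicast"
    return "randomized" if is_locally_administered(mac) else "global"

def vendor(mac: str) -> str:
    return OUI_TABLE.get(oui(mac), "unknown")

def find_randomization_leaks(frames):
    """frames: iterable of (device_label, source_mac, frame_type).

    The device label stands in for lab ground truth; a passive adversary
    does not have it. Returns {device: [global addresses]} for every device
    seen with both a randomized and a global source address, i.e. a device
    whose randomization leaked its true address.
    """
    seen = defaultdict(lambda: {"randomized": set(), "global": set()})
    for dev, mac, _ftype in frames:
        kind = classify(mac)
        if kind in seen[dev]:
            seen[dev][kind].add(mac)
    return {dev: sorted(s["global"]) for dev, s in seen.items()
            if s["randomized"] and s["global"]}

def mac_to_int(mac: str) -> int:
    return int.from_bytes(parse_mac(mac), "big")

def build_block_map(labelled):
    """labelled: iterable of (mac, model) with known models.

    Within each OUI, runs of consecutively allocated addresses that share a
    model are merged into one contiguous block (low, high, model). This is a
    simplified stand-in for mapping sequentially allocated blocks to models.
    """
    by_oui = defaultdict(list)
    for mac, model in labelled:
        by_oui[oui(mac)].append((mac_to_int(mac), model))
    blocks = []
    for entries in by_oui.values():
        entries.sort()
        lo, hi, cur = entries[0][0], entries[0][0], entries[0][1]
        for val, model in entries[1:]:
            if model == cur:
                hi = val
            else:
                blocks.append((lo, hi, cur))
                lo, hi, cur = val, val, model
        blocks.append((lo, hi, cur))
    return blocks

def predict_model(mac: str, blocks):
    """Model of the block enclosing mac, or None if no labelled block covers it."""
    v = mac_to_int(mac)
    for lo, hi, model in blocks:
        if lo <= v <= hi:
            return model
    return None

# Constructed capture: (device label, source MAC, frame type).
FRAMES = [
    ("phone-A", "da:a1:19:4c:2e:01", "probe_request"),  # randomized (0xda has U/L set)
    ("phone-A", "da:a1:19:4c:2e:01", "probe_request"),
    ("phone-A", "ac:37:43:12:34:56", "probe_request"),  # global: true address leaked
    ("phone-B", "3c:5a:b4:aa:bb:cc", "probe_request"),  # never randomizes
    ("phone-C", "a2:11:22:33:44:55", "probe_request"),  # randomized only
]

# Constructed ground truth for one OUI (model names are placeholders).
LABELLED = [
    ("ac:37:43:00:00:10", "Model-1"), ("ac:37:43:00:00:20", "Model-1"),
    ("ac:37:43:00:01:00", "Model-2"), ("ac:37:43:00:01:ff", "Model-2"),
]
BLOCKS = build_block_map(LABELLED)

if __name__ == "__main__":
    print(find_randomization_leaks(FRAMES))      # {'phone-A': ['ac:37:43:12:34:56']}
    print(predict_model("ac:37:43:00:00:18", BLOCKS))  # Model-1
```

The U/L-bit test is a necessary condition for a randomized address, not a fingerprint: a locally administered address can also be a manually assigned one, and a device that randomizes correctly is not identified by this check at all, which is why the 2017 paper turns to probe-request fingerprinting and control-frame behaviour for the remaining cases. The block map likewise only predicts for addresses that fall inside a labelled range; the paper's mapping is built from far more ground truth than the four constructed entries here.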

2013

Correlating GSM and 802.11 Hardware Identifiers

  • Abstract: The hardware identifiers of common wireless protocols can be exploited by adversaries for both tracking and physical device association. Rather than examining hardware identifiers in isolation, we observe that many modern devices are equipped with multiple wireless interfaces of different physical types, e.g. GSM and 802.11, suggesting that there exists utility in cross-protocol hardware identifier correlation. This research empirically examines the feasibility of such cross-protocol association, concentrating on correlating a GSM hardware identifier to that of the 802.11 hardware identifier on the same device. Our dataset includes 18 distinct mobile devices, with identifiers collected over time at disparate locations. We develop correlation techniques from the perspective of two adversaries: i) limited, able to observe identifiers only in time and space; and ii) a more advanced adversary with visibility into the data stream of each protocol. We first test correlation via temporal and spatial analysis using only basic signal collection, mimicking an RF collection with no decryption or data processing capability. Using a constrained optimization algorithm over temporal and spatial data to perform matching, we demonstrate increasing association accuracy over time, up to approximately 80% in our experiments. Our second approach simulates the added capability to collect, decrypt, and reconstruct specific application protocol data, and parses the data of one protocol using search terms derived from the other. With the combined techniques, we achieve 100% accuracy and precision.
  • Authors: Jeremy Martin, Danny Rhame, Robert Beverly, and John McEachen
  • Publication: Proceedings of the Military Communications Conference (MILCOM) - San Diego, CA, November 2013
  • Link: Local