[TheRecord] Apple fixes AWDL bug that could be used to escape air-gapped networks

Apple has fixed a vulnerability in its Apple Wireless Direct Link (AWDL) technology that could have been abused by threat actors to escape and steal data from air-gapped networks.

Silently patched earlier this spring, in April — with the release of iOS 14.5, iPadOS 14.5, watchOS 7.4, and Big Sur 11.3 — the vulnerability was publicly disclosed for the first time earlier this week in a blog post by Mikko Kenttälä, a Finnish security researcher and the founder and CEO of SensorFu.

Bug lets attackers bounce connections on Apple devices

Kenttälä discovered the issue in AWDL, a protocol that Apple rolled out in 2014 that allows Apple devices to talk to each other via a Bluetooth or WiFi connection.

While most Apple users might not be aware of the protocol’s existence, AWDL is the base of Apple services like AirPlay and AirDrop, and Apple has included AWDL by default on all devices the company has sold in recent years, such as Macs, iPhones, iPads, Apple Watches, Apple TVs, and HomePods.

As part of its default functionality, the AWDL protocol automatically scans for other nearby Apple devices that come into range and that it might need to connect to later. This behavior takes place silently, in the device’s background, and at any time as long as an Apple device’s WiFi or Bluetooth connection is enabled.

The technical background of this bug is a bit complicated and explained much better in Kenttälä’s blog post, but to summarize, the researcher effectively found a method to use ICMPv6 and IPv6 packets to take data from an infected system, bounce the packets on a nearby AWDL-capable Apple device, and send the stolen files to another device with an IPv6 address.
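The following is an added example, not code from the article or from Kenttälä’s write-up, showing what a defender on the air-gapped side could look for: IPv6/ICMPv6 traffic leaving a host towards an AWDL peer or a routable IPv6 address. The log format, the interface names (`awdl0`, `en0`), the addresses, and the payload threshold are all assumptions made for this illustration; the sample log is constructed.

```python
"""Toy detector for the traffic pattern described above (added example, not from
the article or SensorFu). It flags three things on a host that should be
air-gapped: an IPv6 destination outside the local segment, ICMPv6 echo packets
carrying an unusually large payload, and any AWDL traffic beyond neighbor
discovery chatter. Log format and thresholds are assumptions for this example."""
from dataclasses import dataclass
from ipaddress import IPv6Address, IPv6Network
from typing import List, Optional, Tuple

ULA = IPv6Network("fc00::/7")     # unique local addresses (RFC 4193), i.e. in-segment
ECHO_TYPES = {128, 129}           # ICMPv6 echo request / echo reply
ND_TYPES = {133, 134, 135, 136, 137}  # ICMPv6 neighbor discovery messages
PAYLOAD_LIMIT = 256               # assumed: a normal ping payload is ~56 bytes


@dataclass
class Flow:
    ts: str
    iface: str
    src: IPv6Address
    dst: IPv6Address
    proto: str
    icmp_type: Optional[int]
    payload_len: int


# Constructed sample records: ts iface src dst proto icmp_type payload_len
SAMPLE_LOG = """
2021-04-01T10:00:01Z awdl0 fe80::1a2b:3c4d:5e6f:7a8b fe80::aaaa:bbbb:cccc:dddd icmpv6 135 32    # neighbor solicitation
2021-04-01T10:00:02Z en0   fd00:10::5 fd00:10::1 tcp - 1200                                    # internal file share
2021-04-01T10:00:03Z awdl0 fe80::1a2b:3c4d:5e6f:7a8b fe80::aaaa:bbbb:cccc:dddd icmpv6 128 1400  # echo with big payload
2021-04-01T10:00:04Z awdl0 fe80::1a2b:3c4d:5e6f:7a8b 2001:db8:dead:beef::42 icmpv6 128 1400     # routable destination
2021-04-01T10:00:05Z en0   fd00:10::5 fd00:10::1 icmpv6 128 56                                 # ordinary ping
"""


def parse_line(line: str) -> Flow:
    """Parse one whitespace-separated record into a Flow (icmp_type '-' means none)."""
    ts, iface, src, dst, proto, itype, plen = line.split()
    return Flow(ts, iface, IPv6Address(src), IPv6Address(dst), proto,
                None if itype == "-" else int(itype), int(plen))


def is_off_segment(addr: IPv6Address) -> bool:
    """True for any destination that is not confined to the local link or segment."""
    return not (addr.is_link_local or addr.is_multicast or addr.is_loopback
                or addr.is_unspecified or addr in ULA)


def classify(flow: Flow) -> List[str]:
    """Return the list of reasons a flow is suspicious (empty list means benign)."""
    reasons: List[str] = []
    if is_off_segment(flow.dst):
        reasons.append("off-segment-ipv6-destination")
    if (flow.proto == "icmpv6" and flow.icmp_type in ECHO_TYPES
            and flow.payload_len > PAYLOAD_LIMIT):
        reasons.append("icmpv6-echo-payload")
    is_nd = flow.proto == "icmpv6" and flow.icmp_type in ND_TYPES
    if flow.iface.startswith("awdl") and not is_nd:
        reasons.append("awdl-data-traffic")
    return reasons


def scan(log_text: str) -> List[Tuple[Flow, List[str]]]:
    """Parse a log, ignore '#' comments and blank lines, and return flagged flows."""
    findings: List[Tuple[Flow, List[str]]] = []
    for raw in log_text.strip().splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        flow = parse_line(line)
        reasons = classify(flow)
        if reasons:
            findings.append((flow, reasons))
    return findings


if __name__ == "__main__":
    for flow, reasons in scan(SAMPLE_LOG):
        print(f"{flow.ts} {flow.iface} {flow.src} -> {flow.dst}: {', '.join(reasons)}")
```

Run as-is, the script reports the two constructed records that show the pattern (a large ICMPv6 echo payload to an AWDL peer, and a routable IPv6 destination) and stays quiet on neighbor discovery, internal file-share traffic and an ordinary ping. In a real deployment the records would come from a packet capture or flow export on the air-gapped hosts, and the rules would need tuning to whatever AWDL activity is legitimately expected there.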

The threat to air-gapped networks

While there are better ways to steal data from a device, Kenttälä said that this particular bug was an issue for the operators of air-gapped networks.

Designed to operate without an internet connection and physically separate from an organization’s main office network, air-gapped networks are typically used by government, military, or corporate entities to store sensitive data, such as classified files or intellectual property.

Kenttälä says that if a threat actor manages to infect a device in any of these super-secure networks, the bug he discovered could have been abused to steal data any time an employee with an iPhone or other Apple device passed through the vicinity of the air-gapped network.

If the passer-by’s device had a mobile data connection enabled, the attacker would bounce small amounts of data to a remote system, as can be seen in a proof-of-concept video Kenttälä published on YouTube, embedded below:

These types of attacks are often derided by the cybersecurity community due to the number of ifs and buts required for them to be successful.

However, those who operate these types of networks always take them very seriously, as they know that the threat actors they’re protecting against would go to extreme lengths to compromise such systems and have the ability to infect them with malware if they wished to.

The post Apple fixes AWDL bug that could be used to escape air-gapped networks appeared first on The Record by Recorded Future.
