Modern devices provide more and more functionality, simplifying everyday tasks. Obscured from the user are the complex, proprietary, and undocumented protocol stacks, most of them always listening in the background. In this thesis, we take a look at one of these features, Apple Wi-Fi Password Sharing, which enables users to share the Wi-Fi password to guests in their home. We publish documentation of involved frameworks, describe the actual protocol, and search for vulnerabilities. Besides one implementation bug, we find multiple small flaws in the protocol and user interface, which we combine into two attacks, a denial-of-service attack, which crashes the iOS settings app, and a man-in-the-middle attack, which spoofs the victim into an attacker-controlled Wi-Fi network.
Mar 2020
Completed