AirDrop 很容易泄露电话号码的 SHA-256 hash?从而很容易泄露电话号码
wyfyw · 2021-04-25 21:51:23 +08:00 · 8742 次点击这是一个创建于 1310 天前的主题,其中的信息可能已经有所发展或是发生改变。
苹果 2019 年就从研究者那里知道了此事,至今没有改变。
https://www.ithome.com/0/548/301.htm
当用户启动 AirDrop 功能时,苹果会将用户电话号码、电子邮箱以加密形式传播到其 Wi-Fi 和蓝牙范围内,以检测附近可连接设备。如果用户与另一设备通过 AirDrop 匹配成功,双方将会交换电话和电子邮件信息的完整的加密散列( SHA-256 散列)。
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it/
To determine if the device of a would-be sender should connect with other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial cryptographic hash of the sender's phone number and email address. If any of the truncated hashes matches any phone number or email address in the address book of the receiving device or the device is set to receive from everyone, the two devices will engage in a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of the owners' phone numbers and email addresses.
向 Wi-Fi 广播电话号码的 SHA-256 ?想出来这个办法的人真是天才(天杀的蠢材)。
https://www.ithome.com/0/548/301.htm
当用户启动 AirDrop 功能时,苹果会将用户电话号码、电子邮箱以加密形式传播到其 Wi-Fi 和蓝牙范围内,以检测附近可连接设备。如果用户与另一设备通过 AirDrop 匹配成功,双方将会交换电话和电子邮件信息的完整的加密散列( SHA-256 散列)。
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it/
To determine if the device of a would-be sender should connect with other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial cryptographic hash of the sender's phone number and email address. If any of the truncated hashes matches any phone number or email address in the address book of the receiving device or the device is set to receive from everyone, the two devices will engage in a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of the owners' phone numbers and email addresses.
向 Wi-Fi 广播电话号码的 SHA-256 ?想出来这个办法的人真是天才(天杀的蠢材)。
第 1 条附言 · 2021-04-26 23:16:27 +08:00
仔细看了论文,主要篇幅在于如何提高 AirDrop 所需要的 offline verification 的隐私程度。AirDrop 泄露 sender 的电话号码的 SHA-256 的原因真的很简单,也很容易复现。
2021 年才发现是因为这个协议是私有协议,开源 community 不太关心吧。想必各路情报部门早就知晓并持续利用过这些问题了。
在这个苹果爱好者论坛,居然一个回贴都没有。感觉诸位也就是叶公好龙而已。哈哈
贴一下链接和内文
https://www.usenix.org/system/files/sec21fall-heinrich.pdf
3.3 Contact Identifier Leakage of Sender
During the AirDrop authentication handshake, the sender always
discloses their own contact identifiers as part of the initial
HTTPS POST /Discover message (cf. Fig. 1). A malicious
receiver can therefore learn all (hashed) contact identifiers
of the sender without requiring any prior knowledge of their
target. To obtain these identifiers, an attacker simply needs
to wait (e.g., at a public hot spot) until a target device scans
for AirDrop receivers, i.e., the user opens the AirDrop sharing
pane. The target device will freely send a discover message
to any AirDrop receiver found during the previous DNS-SD
service lookup. Therefore, an attacker can learn the target’s
validation record without any authentication by simply announcing
an AirDrop service via multicast DNS (mDNS).
After collecting the validation record, the attacker can recover
the hashed contact identifiers offline.
2021 年才发现是因为这个协议是私有协议,开源 community 不太关心吧。想必各路情报部门早就知晓并持续利用过这些问题了。
在这个苹果爱好者论坛,居然一个回贴都没有。感觉诸位也就是叶公好龙而已。哈哈
贴一下链接和内文
https://www.usenix.org/system/files/sec21fall-heinrich.pdf
3.3 Contact Identifier Leakage of Sender
During the AirDrop authentication handshake, the sender always
discloses their own contact identifiers as part of the initial
HTTPS POST /Discover message (cf. Fig. 1). A malicious
receiver can therefore learn all (hashed) contact identifiers
of the sender without requiring any prior knowledge of their
target. To obtain these identifiers, an attacker simply needs
to wait (e.g., at a public hot spot) until a target device scans
for AirDrop receivers, i.e., the user opens the AirDrop sharing
pane. The target device will freely send a discover message
to any AirDrop receiver found during the previous DNS-SD
service lookup. Therefore, an attacker can learn the target’s
validation record without any authentication by simply announcing
an AirDrop service via multicast DNS (mDNS).
After collecting the validation record, the attacker can recover
the hashed contact identifiers offline.
目前尚无回复
Select Language