Open Wireless Link
Welcome to the Open Wireless Link (OWL) project. We are researchers from the Secure Mobile Networking Lab at TU Darmstadt looking into Apple’s wireless ecosystem. Our goal is to assess security and privacy as well as enable cross-platform compatibility for next-generation wireless applications. We started by investigating the Apple Wireless Direct Link (AWDL) protocol and will go beyond. You can read our publications and use our open source code projects. If you have questions or would like to collaborate, feel free to contact us.
In this article, we are going to get AirDrop running on a Raspberry Pi 3 (not B+, unfortunately) running Rasbian Stretch. While AirDrop itself implements a HTTP-based protocol (see OpenDrop), it uses a dedicated Wi-Fi based link layer called Apple Wireless Direct Link (AWDL). In order to use AirDrop, we’ll enable AWDL capabilities on the Raspberry Pi using OWL, our open AWDL implementation. OWL is implemented as user space program and requires a Wi-Fi card with working monitor mode and frame injection.
We conducted a security and privacy analysis on AWDL and AirDrop and are proud to announce that the resulting paper A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link was accepted at USENIX Security ’19. Read the paper and try out our AWDL and AirDrop implementations. See you in California in August!
The newest major Wireshark release (3.0.0) includes our dissector for Apple Wireless Direct Link (AWDL) based on our MobiCom’18 paper.
Today, we received the MobiCom ’18 Best Community Paper Award for our paper One Billion Apples’ Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol. The award recognizes “intellectually exciting ideas, combined with a substantive contribution in computer code, experimental data, or other artifacts deemed useful to the research community at large.” In addition, we received the MobiCom ’18 Best Demo Award (one of two) for the accompanying demo Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link. We thank the juries for the awards and hope that our work can be useful for others.
We have disclosed a vulnerability (CVE-2018-4368) to Apple that allowed us to crash iOS (and also macOS, tvOS, and watchOS) devices remotely via Wi-Fi. We demonstrate a working exploit which allows us to target a single device but also all devices in proximity in parallel. The exploit does not require any user interaction and, thus, might force a device into an indefinite boot loop. Apple has just released security updates for all of its operating systems which we recommend everyone to install.
Our demo paper Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link was accepted at ACM MobiCom ’18. In the demo, we present a working prototype of AWDL for Linux-based systems. Read our paper here.
Our paper on reverse engineering and analyzing the Apple Wireless Direct Link (AWDL) ad hoc protocol One Billion Apples’ Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol was accepted at ACM MobiCom ’18. Read our paper here. See you in New Delhi in October!
subscribe via RSS