Discovering and Exploiting Novel Security Vulnerabilities in Apple ZeroConf

by Luyi Xing, Xiaolong Bai
Sept. 15, 2017 1 comment belen_caty Pen Testing & Audits

With the proliferation of portable computing systems such as tablet, smartphone, Internet of Things, etc., ordinary users are facing the increasing burden to properly configure those devices, enabling them to work together. In response to this utility challenge, major device manufacturers and software vendors tend to build their systems in a "plug-and-play" fashion, using techniques dubbed zero-configuration (ZeroConf). Such ZeroConf services are characterized by automatic IP selection, host name resolving and target service discovery. As the major proponent of ZeroConf techniques, Apple has adopted ZeroConf techniques in various frameworks and system services on iOS and OS X to minimize user involvements in system setup. However, when the design pendulum swings towards usability, concerns may arise whether the system has been adequately protected. In this presentation, we will report the first systematic study on the security implication of these ZeroConf techniques on Apple systems.

Steven Ulm 5 months, 4 weeks ago

Vulnerabilities in Apple, few but important. A must read for the notebook owners!