Knowlesys

Apple data transfer vulnerability: New Wireshark dissector available

Researchers have recently expressed concern about the security of Apple's data transfer process, in which attackers may attempt to capture network packets containing sensitive information related to Apple's iOS and its users' data.

This potential security risk has led to the development of a new Continuity Wireshark Dissector designed to capture Bluetooth protocol data from iOS devices when transferring Apple data between two or more devices.

The Cyber Express team has been in contact with Apple regarding the potential leak. However, no official response has been received yet.

The new Wireshark Dissector

Apple iOS devices are known for their seamless integration and data exchange with other Apple devices. This Apple data transfer is done through iOS's iBeacon technology, which allows wireless communication between devices.

The "Continuity" dissector, developed by Guilherme Rambo (Insidegui) and shared in the Netspooky/Dissectors repository, is specifically designed to analyze Apple data transfers between iOS devices.

Wireshark is a widely used network protocol analyzer that provides security professionals with an efficient tool for examining and profiling network traffic.

The Continuity Protocol Dissector enhances Wireshark's capabilities by allowing analysts to examine the content of advertising beacons and extract valuable information from Apple's manufacturer data.
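To show what examining an advertising beacon involves, here is an added example that is not code from the dissector or from this article: it walks a BLE advertisement, finds the manufacturer data carrying Apple's company identifier, and splits it into messages. The type-length-value layout and the message type names are assumptions taken from public reverse-engineering of the protocol, and the sample advertisement is constructed.

```python
import struct

APPLE_COMPANY_ID = 0x004C      # Bluetooth SIG company identifier for Apple
AD_MANUFACTURER_DATA = 0xFF    # AD type "Manufacturer Specific Data"

# Assumption: type names as reported in public reverse-engineering, not from the article.
MESSAGE_TYPES = {0x05: "AirDrop", 0x07: "Proximity Pairing", 0x0C: "Handoff",
                 0x0F: "Nearby Action", 0x10: "Nearby Info"}

# Constructed sample: Flags AD structure, then Apple manufacturer data with two messages.
SAMPLE_ADV = bytes.fromhex("02011a" "0fff4c00" "10050118aabbcc" "0c03010203")

def ad_structures(adv: bytes):
    """Yield (ad_type, payload) for each length-prefixed AD structure."""
    i = 0
    while i < len(adv) and adv[i] != 0:        # a zero length byte marks padding
        length = adv[i]
        if i + 1 + length > len(adv):
            raise ValueError("truncated AD structure")
        yield adv[i + 1], adv[i + 2:i + 1 + length]
        i += 1 + length

def apple_messages(adv: bytes):
    """Return (type, name, value) for every message in Apple manufacturer data."""
    found = []
    for ad_type, payload in ad_structures(adv):
        if ad_type != AD_MANUFACTURER_DATA or len(payload) < 2:
            continue
        (company,) = struct.unpack_from("<H", payload)   # little-endian company ID
        if company != APPLE_COMPANY_ID:
            continue
        body, i = payload[2:], 0
        while i + 2 <= len(body):
            mtype, mlen = body[i], body[i + 1]
            value = body[i + 2:i + 2 + mlen]
            if len(value) < mlen:                         # length runs past the payload
                raise ValueError("truncated Continuity message")
            found.append((mtype, MESSAGE_TYPES.get(mtype, "unknown"), value))
            i += 2 + mlen
    return found

if __name__ == "__main__":
    for mtype, name, value in apple_messages(SAMPLE_ADV):
        print(f"0x{mtype:02x} {name:<12} {value.hex()}")
```

Running the same parser over advertisements from your own devices gives a quick inventory of which message types they broadcast.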

According to the researchers, the Continuity Protocol Dissector purports to capture packets from external interfaces, which can then be analyzed later using Wireshark or tshark (the command-line counterpart of the Wireshark plugin).

Get ready for iterative updates

The new Wireshark Dissector has generated a great deal of interest and discussion within the community, bringing to light potential vulnerabilities in Apple's data transfer process.

This tool enables security analysts to capture and analyze Bluetooth traffic using the Wireshark plugin or its command-line counterpart, tshark.

By leveraging this dissector and using the display filter "acble" to focus on Continuity protocol data, analysts can better understand the communication between iOS devices and identify any potential security vulnerabilities in Apple's data transmissions.

The Continuity Protocol Dissector continues to evolve, with regular updates released to address changes and extensions in the protocol and to support new message types.

While further updates are currently underway, the dissector already provides a large number of features for analyzing Apple's BLE advertising beacon protocol.

To delve into the Apple Continuity Protocol and analyze the Apple BLE advertising beacon protocol, interested parties can visit the GitHub repository maintained by Guilherme Rambo (aka Insidegui) in the Netspooky/Dissectors repository.

By staying informed and taking proactive steps to address potential security risks, users can help secure Apple's data transfer process and contribute to a more secure digital environment.