Staying Secure and Unprepared - Understanding and Mitigating the Security Risks of Apple ZeroConf

Explore a comprehensive analysis of security vulnerabilities in Apple's ZeroConf systems in this IEEE conference talk. Delve into the lack of security considerations in major ZeroConf frameworks on Apple platforms, including Core Bluetooth Framework, Multipeer Connectivity, and Bonjour. Examine how popular apps and system services like Tencent QQ, Apple Handoff, printer discovery, and AirDrop are susceptible to impersonation and Man-in-the-Middle attacks. Understand the serious consequences of these vulnerabilities, such as theft of SMS messages, email notifications, and documents. Learn about the fundamental security challenges in ZeroConf techniques and discover newly developed protection methods, including conflict detection and a biometric approach using voice recognition. Gain insights from security analysis and user studies involving 60 participants, demonstrating the effectiveness and user acceptance of these new protection measures against emerging threats like speech synthesis attacks.

Introduction
Boundary Protocol
Traditional Network
Example
Printer
Why did it happen
Airdrop
Airdrop Example
Recap
Customization
MultiPure Connectivity
Unique IDs
Zero Configuration
Summary
Measurement Study
Defense Mini
Conclusion
Questions