Multipeer Connectivity on iOS 9

Apple just released iOS 9, which fixes a good number of security issues, and includes a mitigation for a man-in-the-middle attack on Multipeer Connectivity I presented last year at Black Hat US:

The issue was that an attacker on the network could downgrade the encryption level of a Multipeer Connectivity session configured with MCEncryptionOptional to MCEncryptionNone (ie. plaintext communication), even if authentication was enabled.

Apple did not fix the core issue with MCEncryptionOptional, as it would require significant changes to the implementation, in order to have each peer validate the security settings exchanged during the handshake after authentication is performed.

However they changed the default encryption level (used when the App does not explicitly specify one) from MCEncryptionOptional to MCEncryptionRequired, which is not vulnerable to the downgrade attack. Overall, this change should protect most Apps, but the ideal solution would have been to remove MCEncryptionOptional altogether.

Alban Diquet - 19 Sep 2015 at 20:02