Talks

2023, 27. - 30. December

Bifröst: Apple's Rainbow Bridge for Satellite Communication

Apple's cutting-edge emergency SOS and location sharing services provide crucial communication alternatives when no cellular network is available. This talk will shed light on how these satellite services work, how they are integrated into existing fall and crash detection, present the security measures employed to safeguard resource access and privacy, and explore how this communication is embedded within the operating system.

Joined talk with Jiska Classen

2023, 12. - 13. October

Lois... Ma... Mommy...: Stewie Talking to Apple's Satellite Network

Apple's cutting-edge emergency SOS and location sharing services have empowered users with crucial communication alternatives, particularly when traditional network coverage is not available. This talk will shed light on the functioning of these satellite services, present the security measures employed to safeguard resource access and privacy, and explore how this communication is embedded within the operating system.

Joined talk with Jiska Classen

2023, 23. - 24. September

Protection against stalking by AirTags and other trackers (German)

Alexander and Leon showed how AirTags and other trackers actually work, what dangers they pose and how you can effectively protect yourself from tracking. It is shown how exactly these trackers actually are and how many people are affected by stalking by them. In addition, topics such as reverse engineering of iOS functions are discussed, as well as the implementation of Bluetooth functions in iOS apps.

Joined talk with Leon Böttger

2023

Attacking Ultra-Wideband: Security Analysis of UWB Applications in Smartphones

Ultra-wideband (UWB) is a new wireless layer that is now integrated into high-end smartphones, enabling fine-grained distance measurements between devices. This technology introduces new features, including indoor-location, item finders, and digital car keys, but it also opens up new attack vectors, particularly in security-sensitive contexts. Attackers may seek to reduce the measured distance to gain unauthorized access to physical goods. In this talk, we will cover the basics of UWB, implementations in iPhones, the accuracy of measurements, and potential attacks against it.

Joined talk with Jiska Classen

2022

AirGuard - Protecting Android Users From Stalking Attacks By Apple Find My Devices

Finder networks, like Apple's Find My, raise privacy and safety concerns for stalking. Apple's AirTag tracker amplifies the issue. Android lacks a robust stalking protection solution, despite Apple's "Tracker Detect" app. We reverse engineer iOS tracking protection, develop "AirGuard" a tracking detection app for Android, and compare their performance using data from active users.

2022

AirGuard - Protecting Android Users From Stalking Attacks By Apple Find My Devices

Finder networks, like Apple's Find My, raise privacy and safety concerns for stalking. Apple's AirTag tracker amplifies the issue. Android lacks a robust stalking protection solution, despite Apple's "Tracker Detect" app. We reverse engineer iOS tracking protection, develop "AirGuard" a tracking detection app for Android, and compare their performance using data from active users.

2021

Wibbly Wobbly, Timey Wimey Whats Inside Apples U1 chip

Apple introduced an Ultra Wideband (UWB) chip in the iPhone 11. Its cryptographically secured spatial measurement capabilities are accessible via the Nearby Interaction framework since iOS 14. As of now, it only supports interaction with other Apple devices including the latest Apple Watch and HomePod mini. These are the first steps to support UWB in a larger ecosystem, as measuring precise distance and direction can be an enabler for various future applications. The automotive industry already announced UWB support for mobile car keys on the iPhone.

Joined talk with Jiska Classen

2021

Wibbly Wobbly, Timey Wimey Whats Inside Apples U1 chip

Apple introduced an Ultra Wideband (UWB) chip in the iPhone 11. Its cryptographically secured spatial measurement capabilities are accessible via the Nearby Interaction framework since iOS 14. As of now, it only supports interaction with other Apple devices including the latest Apple Watch and HomePod mini. These are the first steps to support UWB in a larger ecosystem, as measuring precise distance and direction can be an enabler for various future applications. The automotive industry already announced UWB support for mobile car keys on the iPhone.

Joined talk with Jiska Classen

2021

Disrupting Continuity of Apple's Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi

Apple controls a large mobile ecosystem with 1.5 billion active devices and offers twelve wireless Continuity services. Previous research has identified security and privacy issues in these protocols, particularly AirDrop. However, little attention has been given to the remaining Continuity services. To simplify the reverse-engineering process, we provide a structured analysis guide using macOS tools and develop an automated toolkit. Using this approach, we analyze three Continuity services (Handoff, Universal Clipboard, and Wi-Fi Password Sharing) and uncover vulnerabilities ranging from Bluetooth Low Energy advertisements to Apple's authentication protocols. These vulnerabilities enable device tracking, denial-of-service attacks, and man-in-the-middle attacks. We demonstrate proof-of-concept attacks using affordable hardware and offer mitigation suggestions. Our findings have been shared with Apple, who have begun releasing fixes through updates.

2019

The Magic Behind Handoff

Handoff, the Universal Clipboard and the exchange of WiFi passwords to friends. All these are almost magical functions of the Apple ecosystem and we use them daily. But, how does the magic behind the whole system work and what can we learn from Apple when we look at what actually happens here? This lecture deals with the structure and replica of the functions and is suitable for all interested parties.

2018

Voice Commands with Siri in iOS 12

Siri Shortcuts offer a new way to create your own voice commands for Siri and use them conveniently. Shortcuts can be made both from the Siri voice control and via the new Shortcuts app in combination with shortcuts from other apps. It is shown how Siri shortcuts can be used, how to test them and what added value they offer for your own app.