
One Billion Apples’ Secret Sauce: Recipe for Apple Wireless Direct Link Protocol - jonashoechst
https://arxiv.org/abs/1808.03156
======
djoldman
"We have found that AWDL connections do not feature any security mechanism.
All action and data frames are sent in plain and without authentication. AWDL
delegates security functions to the transport and application layer, e. g.,
AirDrop uses TLS 1.2. The approach appears to be an informed decision to
implement application dependant[sic] policies: a device might be trusted for
sending an image file via AirDrop, but not for remote-controlling a Keynote
presentation."

~~~
PaulHoule
For that matter I don't like interference on the crowded WiFi bands.

It seems some creep uses AirDrop to send some lewds to somebody else on a
plane every other week.

I want to know my mac is using my wired and wireless network the way I intend
rather than degrading the performance of WiFi, Bluetooth, ZigBee, Z-Wave, and
other protocols that keep piling into unlicensed airspace.

~~~
matthewmacleod
To be clear, this feature is standards-compliant WiFi. It uses standard 802.11
frames and leverages the vendor-specific features to allow custom payloads.
It’s not “degrading the performance” of WiFi - it _is_ WiFi.

~~~
PaulHoule
Unlicensed spectrum is limited. There are just three channels in the 2.4 GHz,
and not really more than in the 5 GHz band because most of the 5 GHz band is
occupied by weather radar and you can only use that spectrum if you pay the
patent trolls for the coexistence technology specified by law.

When you turn on a WiFi analyzer program and see many WiFi networks using the
same spectrum, there is interference. It isn't that it "stops working" but you
will get packet loss, reduced data transfer, etc. Every printer that sets up
its own AP, every phone that is a hotspot, is interference.

If you want and really use these services that is one thing, but it is insane
that people use WiFi to print at a mall store when they could hook up the
printer to the register with a 6 foot cable.

The article itself shows a substantial degrade of WiFi performance on the Mac
itself because the mac is momentarily disconnecting from the real network to
stay synchronized with the lewds network.

~~~
mstute
The degradation happens only when you explicitly start using a service (such
as AirDrop) that uses AWDL. The AWDL interface becomes inactive once there is
no more traffic on the interface. In the measurements, we show the performance
when both infrastructure and AWDL traffic is present (i.e., the Wi-Fi radio
needs to switch channels in between).

In fact one could argue that AWDL actually reduces "interference" because two
neighboring devices can communicate directly and do not need to go an
additional one-hop detour over an access point.

------
spunker540
One neat application is sharing WiFi passwords— I was recently at a friends
place and when I went to sign in to their home WiFi on my iPhone I believe
they got a pop up on their phone saying “share password with xyz’s iPhone?”
And the whole thing was super seamless, with no need for them to look it up
and no need for me to type it in.

~~~
samstave
so in the future - you can "war pop-up" random wifi's owners - by simply
attempting to connect to the wifi and forcing a pop-up that says "Share wifi
password with 'Save 15% of Geico's iPhone?"

~~~
jeromegv
No. It only works when you have each other within your Contacts list.

[https://www.macrumors.com/how-to/share-your-wifi-password-
wi...](https://www.macrumors.com/how-to/share-your-wifi-password-with-a-
friend/)

~~~
justtopost
So are they tracking your contacts or can you spoof it from your phone? If one
is not possible the other should be.

~~~
tinus_hn
On iPhone you have an iMessage acccount which is tied to the phone number. It
can be done on the device, so it probably is.

------
ReverseCold
Still waiting on an AirDrop client for non-Apple products. It works really
well and is pretty convenient. Maybe this paper will help.

~~~
anonu
I've had the opposite experience with air drop... It's never worked for me
even with a fair amount of tinkering. I end up just running an ssh server and
scping stuff around...

~~~
mitchty
Never really had an issue with it, even use it to send my details to others
for contacts. Faster than handing phones around, and people then start sending
me "happy birthday" texts as my contact info has that junk in it.

------
st3fan
I still have openairdrop.org available to link to the first open source
project to implement this protocol.

------
exabrial
Man it would be great to have an Android implementation. I like my MacBook
running osx but I don't like iPhone hardware

~~~
natvert
Or lack of real software ownership e.g. no root allowed!)

~~~
natvert
Wow. No love. Isn't lack of root like buying a house but the builder refusing
to give you a master key or permission to change the locks?

~~~
balladeer
I would say it's more like seller not allowing you to dig the whole house
inside out and build one from scratch by choosing the size of brick, how much
they were baked, brand of cement used and all that. Like they do not allow
something like this in gated communities/apartments.

------
saagarjha
Interestingly, they seem to based some of their research on the leaked source
code for a Broadcom driver, which has now been taken down. So much for
reproducible research, I guess?

------
bunnycorn
Nice, I really wish this protocol would be available for Android as the number
of applications would be immense (Apple's Multipeer Connectivity Framework).

But it looks like Apple will deprecate this sooner or later, since they have
joined The Thread Group [1]

[1] [https://www.macrumors.com/2018/08/07/apple-thread-group-
smar...](https://www.macrumors.com/2018/08/07/apple-thread-group-smart-home-
mesh-networking/)

~~~
djrogers
I really don’t see Thread as being in the same ballpark as AWDL - they have
very different goals and use cases.

------
innagadadavida
Air drop is fast for sure.

Feature request: make it work the same when you share videos and photos via
messages or photos app.

~~~
briandear
Could you describe your feature in more detail? I am interested in what you
are asking, but I don’t think I understand clearly.

------
dang
Url changed from [https://owlink.org](https://owlink.org), which points to
this.

------
travbrack
Secret apple sauce?

