With iOS 8 and Yosemite, Apple introduced a set of new features under the name Continuity. These features allow iPhones to work with other iDevices such as Macs and iPads in new ways. Handoff, Instant Hotspot and AirDrop are some of the services offered by Continuity. Among them is one named “Call Relay”. Essentially, it allows one to make and receive phone calls on other iDevices and route them through the iPhone. This is not a typical VoIP service, as it is a P2P connection based on a proprietary protocol.

DIY Spy Program: Abusing Apple‘s Call Relay Protocol (CVEs 2016-4635, 2016-4721, 2016-4722, 2016-7577)

How this works

The attacker must be on the same network and is able to fingerprint the victim’s traffic to detect ongoing calls. He then calls the victim, who may briefly place the current call on hold to pick up. The attacker waits for the victim to switch back to the first call or even hang up, but blocks those packets. Effectively, the victim will see in the UI that he is talking to the first caller again, but he will still be connected to the attacker.

Source (full story): Spying on victims’ iPhone calls, by Martin Vigo