MagicPairing: Apple's Take on Securing Bluetooth Peripherals
This addresses security flaws in Bluetooth pairing for IoT users and manufacturers, though it is incremental as it builds on existing protocols.
The paper analyzes Apple's MagicPairing protocol, which enhances Bluetooth security for IoT devices while maintaining usability and compliance, but identifies vulnerabilities in its implementations through fuzzing techniques.
Device pairing in large Internet of Things (IoT) deployments is a challenge for device manufacturers and users. Bluetooth offers a comparably smooth trust on first use pairing experience. Bluetooth, though, is well-known for security flaws in the pairing process. In this paper, we analyze how Apple improves the security of Bluetooth pairing while still maintaining its usability and specification compliance. The proprietary protocol that resides on top of Bluetooth is called MagicPairing. It enables the user to pair a device once with Apple's ecosystem and then seamlessly use it with all their other Apple devices. We analyze both, the security properties provided by this protocol, as well as its implementations. In general, MagicPairing could be adapted by other IoT vendors to improve Bluetooth security. Even though the overall protocol is well-designed, we identified multiple vulnerabilities within Apple's implementations with over-the-air and in-process fuzzing.