Demo: Brute-forcing a macOS user’s real name from a browser using mDNS
This article is the second in a series that explores potential privacy vulnerabilities in Apple devices. In the first article, we discussed detecting a system Apple ID region. This article presents a technique for revealing a user's first name without permissions using the mDNS protocol.
Continue reading at source.In this article, we explain how the real name of a macOS user can be leaked through a browser without permissions. The proof of concept demo is optimized for performance rather than accuracy and results may be affected by device or network configuration.
The name brute-forcing technique uses a pre-made list of the 50 most popular gender-specific names from a specific country origin. Our experiments showed that this is enough to detect a macOS user’s name correctly in 65% of the cases on average.
It's important to mention that the proof of concept demo is simply a demonstration of the attack and may not be successful in some cases. Some of the factors that could impact the results are:
If the demo does not work for you, consider using the advanced configuration settings to verify the list of the probed names and the device name pattern applied. If you use a VPN, consider testing it with and without VPN, because the result may change.
- The presence of rare or unique names or non-standard macOS hostnames
- Particular network configurations or VPN networks
- Enabled firewall in macOS network settings
Conclusion
Considering the inherent weaknesses and numerous limitations, this attack isn't practical. It can be effortlessly detected in the network tab of browser developer tools unless there is deliberate intent from a website owner to de-anonymize its visitors.
This series of articles merely explores the boundaries of internet privacy and relies on unconventional privacy breaching techniques. As another example, by combining this method with detection of installed applications, there’s a potential to develop a harmful website capable of displaying your real name and job title, based on the list of professional applications used, all without requiring any permissions.
Even though this article mentions Apple devices running macOS, the mDNS discovery technique can be utilized in variety of ways. For instance, it could be used to perform a local network scan to detect devices such as printers, smart TVs, smart speakers, and other home IoT devices.
This method is also applicable to iPhones and iPads, given that sync over Wi-Fi or Safari remote debug features are activated.
Source: https://fingerprint.com/blog/apple-macos-mdns-brute-force/