We got into a discussion last night about using an iPad on an unsecured WiFi network, like in a Starbucks or in a hotel. What does the iPad expose to the network?
I’ve run a pretty intense scan against my iPad using Zenmap and found that the following ports are open:
- 62078 – This is used for synching over WiFI to iTunes. Disabling WiFi synch closes the port. There seems to be some security and authentication protocols involved here.
- 5353 – MDNS. The iPad is listening for devices advertising via the Bonjour (Avahi) protocol.
So, the question is whether the data sent for synching is encrypted and whether the authentication protocol is reasonably strong. Unfortunately, I have yet to discover anything definitive about this on an Apple site.indicates that there’s lots of encryption taking place. (If you can find a link, please add a comment!)
Here are the raw scan results
Nmap scan report for 192.168.123.109
Host is up (0.0047s latency).
Not shown: 1945 closed ports, 53 filtered ports
PORT STATE SERVICE VERSION
62078/tcp open iphone-sync?
5353/udp open mdns DNS-based service discovery
MAC Address: 28:6A:BA:07:0A:BC (Ieee-sa)
Device type: media device|phone
Running: Apple iOS 4.X|5.X
OS CPE: cpe:/o:apple:iphone_os:4 cpe:/o:apple:iphone_os:5
OS details: Apple iOS 4.4.2 – 5.0.1 (Darwin 11.0.0)
Uptime guess: 25.552 days (since Tue Jul 24 00:07:00 2012)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=252 (Good luck!)
IP ID Sequence Generation: Randomized