
Ok, this is about Bonjour, which is pretty cool. David Abramson and I released a multiplayer horse racing game called PocketJockey on iOS 2.1. During game play each device would play its local copy of the William Tell Overture. We used packet latency to synchronize tracks. You would then bounce up and down as though you were a jockey. If you bounced in time to the music your horse would go faster. There was an announcer that would announce the status of your horse, which was also in sync. Up to 4 players could be playing in the same room with the exact same music and announcer emanating from their pocket. All on the original iPhone. To use an overused term, the experience was "magical." That's what you can do with Bonjour.

So, what's the attack vector? A back door, perhaps? Bonjour requires a user approval dialog. A misleading title of the dialog may allow someone to connect. Maybe extract private data.

Imagine a peer-to-peer chat app. Say, in Hong Kong -- during a protest. Or in Kabul -- during an evacuation.



What's funny is that all these issues were raised when Apple rolled out Zeroconf (old name for Bonjour). Apple pointed out that it wasn't a vulnerability, and that not doing it was akin to punching people who came in the front door, while leaving illegal entry unattended.


I thought it used to be called Rendezvous :)

Edit: Yes. "After its introduction in 2002 with Mac OS X 10.2 as Rendezvous, the software was renamed in 2005 to Bonjour following an out-of-court trademark dispute settlement." https://en.wikipedia.org/wiki/Bonjour_(software)


Funny, I've been calling it Bonjourdevous for what seems a very long time.


You're right. I misremembered. Zeroconf was an umbrella name for related technologies.

Damn, I'm getting old.


It's also worth noting that Bonjour support for other devices was a complete shitshow! I had iTunes installed on my old Windows 7 desktop, and Bonjour was the service that taught me how to forcibly exit a program in Task Manager. It must have had a memory leak back then, because I remember seeing it chew up anywhere from 100 to 500 MB of memory...


mDNS worked fine on Windows; it was just Apple's terrible implementation that was a disaster.



