{"id":"https://openalex.org/W7154937803","doi":"https://doi.org/10.48550/arxiv.2604.15637","title":"Too Private to Tell: Practical Token Theft Attacks on Apple Intelligence","display_name":"Too Private to Tell: Practical Token Theft Attacks on Apple Intelligence","publication_year":2026,"publication_date":"2026-04-17","ids":{"openalex":"https://openalex.org/W7154937803","doi":"https://doi.org/10.48550/arxiv.2604.15637"},"language":null,"primary_location":{"id":"doi:10.48550/arxiv.2604.15637","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.15637","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"type":"preprint","indexed_in":["datacite"],"open_access":{"is_oa":true,"oa_status":"green","oa_url":"https://doi.org/10.48550/arxiv.2604.15637","any_repository_has_fulltext":true},"authorships":[{"author_position":"first","author":{"id":"https://openalex.org/A5022422076","display_name":"\u5468\u6d69\u73b2","orcid":null},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhou, Haoling","raw_affiliation_strings":["The Ohio State University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5060431855","display_name":"Shixuan Zhao","orcid":"https://orcid.org/0000-0003-2992-3434"},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Zhao, Shixuan","raw_affiliation_strings":["The Ohio State University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"middle","author":{"id":"https://openalex.org/A5134011768","display_name":"Chao Wang","orcid":null},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Wang, Chao","raw_affiliation_strings":["The Ohio State University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]},{"author_position":"last","author":{"id":"https://openalex.org/A5134086213","display_name":"Zhiqiang Lin","orcid":null},"institutions":[{"id":"https://openalex.org/I52357470","display_name":"The Ohio State University","ror":"https://ror.org/00rs6vg23","country_code":"US","type":"education","lineage":["https://openalex.org/I52357470"]}],"countries":["US"],"is_corresponding":false,"raw_author_name":"Lin, Zhiqiang","raw_affiliation_strings":["The Ohio State University"],"raw_orcid":null,"affiliations":[{"raw_affiliation_string":"The Ohio State University","institution_ids":["https://openalex.org/I52357470"]}]}],"institutions":[],"countries_distinct_count":1,"institutions_distinct_count":1,"corresponding_author_ids":[],"corresponding_institution_ids":["https://openalex.org/I52357470"],"apc_list":null,"apc_paid":null,"fwci":null,"has_fulltext":false,"cited_by_count":0,"citation_normalized_percentile":null,"cited_by_percentile_year":null,"biblio":{"volume":null,"issue":null,"first_page":null,"last_page":null},"is_retracted":false,"is_paratext":false,"is_xpac":false,"primary_topic":{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.39649999141693115,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},"topics":[{"id":"https://openalex.org/T11241","display_name":"Advanced Malware Detection Techniques","score":0.39649999141693115,"subfield":{"id":"https://openalex.org/subfields/1711","display_name":"Signal Processing"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T11800","display_name":"User Authentication and Security Systems","score":0.28299999237060547,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}},{"id":"https://openalex.org/T12034","display_name":"Digital and Cyber Forensics","score":0.06279999762773514,"subfield":{"id":"https://openalex.org/subfields/1710","display_name":"Information Systems"},"field":{"id":"https://openalex.org/fields/17","display_name":"Computer Science"},"domain":{"id":"https://openalex.org/domains/3","display_name":"Physical Sciences"}}],"keywords":[{"id":"https://openalex.org/keywords/security-token","display_name":"Security token","score":0.7724000215530396},{"id":"https://openalex.org/keywords/identity","display_name":"Identity (music)","score":0.5394999980926514},{"id":"https://openalex.org/keywords/set","display_name":"Set (abstract data type)","score":0.5037999749183655},{"id":"https://openalex.org/keywords/identity-theft","display_name":"Identity theft","score":0.48980000615119934},{"id":"https://openalex.org/keywords/authentication","display_name":"Authentication (law)","score":0.4546000063419342},{"id":"https://openalex.org/keywords/authorization","display_name":"Authorization","score":0.4196999967098236},{"id":"https://openalex.org/keywords/service","display_name":"Service (business)","score":0.39329999685287476}],"concepts":[{"id":"https://openalex.org/C48145219","wikidata":"https://www.wikidata.org/wiki/Q1335365","display_name":"Security token","level":2,"score":0.7724000215530396},{"id":"https://openalex.org/C38652104","wikidata":"https://www.wikidata.org/wiki/Q3510521","display_name":"Computer security","level":1,"score":0.7312999963760376},{"id":"https://openalex.org/C41008148","wikidata":"https://www.wikidata.org/wiki/Q21198","display_name":"Computer science","level":0,"score":0.7088000178337097},{"id":"https://openalex.org/C2778355321","wikidata":"https://www.wikidata.org/wiki/Q17079427","display_name":"Identity (music)","level":2,"score":0.5394999980926514},{"id":"https://openalex.org/C177264268","wikidata":"https://www.wikidata.org/wiki/Q1514741","display_name":"Set (abstract data type)","level":2,"score":0.5037999749183655},{"id":"https://openalex.org/C522325796","wikidata":"https://www.wikidata.org/wiki/Q471880","display_name":"Identity theft","level":2,"score":0.48980000615119934},{"id":"https://openalex.org/C148417208","wikidata":"https://www.wikidata.org/wiki/Q4825882","display_name":"Authentication (law)","level":2,"score":0.4546000063419342},{"id":"https://openalex.org/C108827166","wikidata":"https://www.wikidata.org/wiki/Q175975","display_name":"Internet privacy","level":1,"score":0.45210000872612},{"id":"https://openalex.org/C108759981","wikidata":"https://www.wikidata.org/wiki/Q788590","display_name":"Authorization","level":2,"score":0.4196999967098236},{"id":"https://openalex.org/C2780378061","wikidata":"https://www.wikidata.org/wiki/Q25351891","display_name":"Service (business)","level":2,"score":0.39329999685287476},{"id":"https://openalex.org/C192209626","wikidata":"https://www.wikidata.org/wiki/Q190909","display_name":"Focus (optics)","level":2,"score":0.3797999918460846},{"id":"https://openalex.org/C178489894","wikidata":"https://www.wikidata.org/wiki/Q8789","display_name":"Cryptography","level":2,"score":0.36500000953674316},{"id":"https://openalex.org/C11560541","wikidata":"https://www.wikidata.org/wiki/Q1756025","display_name":"Replay attack","level":3,"score":0.3610999882221222},{"id":"https://openalex.org/C99221444","wikidata":"https://www.wikidata.org/wiki/Q1532069","display_name":"Private information retrieval","level":2,"score":0.3084000051021576},{"id":"https://openalex.org/C527821871","wikidata":"https://www.wikidata.org/wiki/Q228502","display_name":"Access control","level":2,"score":0.289000004529953},{"id":"https://openalex.org/C93996380","wikidata":"https://www.wikidata.org/wiki/Q44127","display_name":"Server","level":2,"score":0.2680000066757202},{"id":"https://openalex.org/C116834253","wikidata":"https://www.wikidata.org/wiki/Q2039217","display_name":"Identification (biology)","level":2,"score":0.26249998807907104},{"id":"https://openalex.org/C116537","wikidata":"https://www.wikidata.org/wiki/Q2169973","display_name":"Service provider","level":3,"score":0.2522999942302704}],"mesh":[],"locations_count":1,"locations":[{"id":"doi:10.48550/arxiv.2604.15637","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.15637","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":null,"raw_source_name":null,"raw_type":"Preprint"}],"best_oa_location":{"id":"doi:10.48550/arxiv.2604.15637","is_oa":true,"landing_page_url":"https://doi.org/10.48550/arxiv.2604.15637","pdf_url":null,"source":{"id":"https://openalex.org/S4306400194","display_name":"arXiv (Cornell University)","issn_l":null,"issn":null,"is_oa":true,"is_in_doaj":false,"is_core":false,"host_organization":"https://openalex.org/I205783295","host_organization_name":"Cornell University","host_organization_lineage":["https://openalex.org/I205783295"],"host_organization_lineage_names":[],"type":"repository"},"license":null,"license_id":null,"version":null,"is_accepted":false,"is_published":false,"raw_source_name":null,"raw_type":"Preprint"},"sustainable_development_goals":[{"id":"https://metadata.un.org/sdg/16","score":0.8275434970855713,"display_name":"Peace, Justice and strong institutions"}],"awards":[],"funders":[],"has_content":{"pdf":false,"grobid_xml":false},"content_urls":null,"referenced_works_count":0,"referenced_works":[],"related_works":[],"abstract_inverted_index":{"Apple":[0,10,26,98,156,172],"Intelligence":[1,27,99,157],"is":[2,28],"a":[3,16,43,66,117,182],"generative":[4],"AI":[5,187,197],"(GenAI)":[6],"service":[7,198],"provided":[8],"by":[9,193],"on":[11,37,116,132],"its":[12,148],"devices.":[13],"While":[14],"offering":[15],"similar":[17,23],"set":[18],"of":[19],"features":[20],"as":[21],"other":[22],"GenAI":[24],"services,":[25],"claimed":[29],"to":[30,68,104,155,165,205],"be":[31],"designed":[32],"with":[33,65,80,120,173],"an":[34,141],"extra":[35],"focus":[36],"user":[38],"security":[39],"and":[40,46,77,113,138,168,176],"privacy":[41],"through":[42],"two-stage":[44],"authentication":[45],"authorization":[47],"design":[48],"using":[49,72],"anonymous":[50],"access":[51,107,154],"tokens.":[52],"In":[53],"this":[54,61],"paper,":[55],"we":[56,85],"present":[57,86],"our":[58],"investigation":[59],"into":[60],"token":[62,94],"issuance":[63],"mechanism":[64],"goal":[67],"reveal":[69],"possible":[70],"vulnerabilities":[71,164],"traffic":[73],"analysis,":[74],"reverse":[75],"engineering,":[76],"cross":[78],"comparison":[79],"Apple's":[81],"public":[82],"documentation.":[83],"Specifically,":[84],"the":[87,90,102,106,110,125,133,163,166,196,206],"Serpent":[88],"attack,":[89],"first":[91],"practical":[92],"cross-device":[93],"replay":[95],"attack":[96],"against":[97,124],"that":[100,140],"allows":[101],"attacker":[103],"steal":[105],"tokens":[108],"from":[109,171],"victim's":[111],"device":[112],"utilise":[114],"them":[115],"different":[118],"device,":[119],"all":[121],"usage":[122],"rate-limited":[123],"victim.":[126],"We":[127,159],"have":[128,160],"achieved":[129],"successful":[130],"attacks":[131],"latest":[134],"macOS":[135],"26":[136],"Tahoe":[137],"demonstrated":[139],"attacker,":[142],"who":[143],"even":[144],"has":[145],"used":[146],"up":[147],"own":[149],"allowance,":[150],"can":[151],"immediately":[152],"regain":[153],"service.":[158],"responsibly":[161],"disclosed":[162],"vendors":[167],"received":[169],"confirmation":[170],"CVE":[174],"assigned":[175],"bounty":[177],"given.":[178],"Our":[179],"results":[180],"highlight":[181],"general":[183],"lesson":[184],"for":[185],"built-in":[186],"services:":[188],"Anonymising":[189],"identity":[190],"does":[191],"not":[192],"itself":[194],"make":[195],"secure;":[199],"Enforcing":[200],"non-transferability":[201],"requires":[202],"cryptographic":[203],"binding":[204],"rightful":[207],"user.":[208]},"counts_by_year":[],"updated_date":"2026-07-01T06:00:48.157686","created_date":"2026-04-21T00:00:00"}
