Is Screen Sharing fully encrypted? Is there documentation?

For reasons of work security, I need to know if Mac-to-Mac Screen Sharing is fully encrypted. This means encryption of login credentials, mouse movements, keyboard, screen data, and any file transfers. 100% encryption.


Now I know that when non-Apple VNC connects, it is not secure, and it should be ssh-tunneled.


I also read sketchy documentation that Apple's Apple Remote Desktop (ARD) is fully encrypted, and I had a chat with Apple Tech Support, who told me that Screen Sharing uses the same protocols as ARD, and is thus also encrypted.


This informal evidence (a screenshot of a tech support chat) is good enough for casual usage, but is not good enough to present at work, where security is critical. It seems silly to ssh-tunnel a protocol that is already encrypted, but Apple's vagueness seemingly gives us no choice.


Is there any technical document that will attest the security level of Apple Screen Sharing? I'm confident that Apple would have the good sense (and liability avoidance, and public relations acumen) to use robust encryption for Screen Sharing, but I need proof.


Thanks!


Mac mini, macOS 10.13

Posted on May 17, 2020 11:54 AM

Question marked as Top-ranking reply

Posted on May 17, 2020 2:16 PM

I think it is (Mac-to-Mac screen sharing, NOT generic VNC), but I cannot find proof either.


I do remember that in older versions, there was an option to enable encryption for the VNC traffic (I think at that time the username/password exchange was already a secure operation).


Then the option went away, and I assumed it became the default. But assumptions are a dangerous thing.


If you are really worried, it is not too difficult to tunnel a Screen Sharing (or VNC for that matter) across an ssh tunnel. I did it all the time when I was remote managing my Mom's iMac 300 miles away.


ssh -L 55900:localhost:5900 username@remote.mac.address

That establishes the tunnel (There are even GUI apps to do this for you)

Finder -> Go -> Connect to server -> vnc://localhost:55900

That will start a screen sharing session using the ssh tunnel's local end point, and everything you do for that screen sharing session will travel across the secure ssh tunnel.


The choice of 55900 is arbitrary. Just some high numbered port that will not conflict with an existing port number being used on your local Mac. 5900 is the port that the remote Mac's screen sharing is listening to.


You do have to have System Preferences -> Sharing -> Remote Login enabled on the remote Mac as well as Screen Sharing.



If you do find an Apple document or a trusted source that shows evidence that Screen Sharing is encrypted, I would be interested as well.


May 17, 2020 2:50 PM in response to jantk

How about this:

strings /System/Library/CoreServices/Applications/Screen\ Sharing.app/Contents/MacOS/Screen\ Sharing | grep encryp
encryptionLevel
encryptRFBDataStream
RFBEncryption On
RFBEncryption Off
encryptKeystrokesOnly
encryptKeystrokesOnly On
encryptKeystrokesOnly Off
userDidDismissUnencryptedLegacyVNCWarning:suppressFutureWarnings:

Not proof, but it at least says there are strings inside the Screen Sharing executable that talk about encryption


And this:

strings /System/Library/CoreServices/Applications/Screen\ Sharing.app/Contents/Resources/English.lproj/ControlCommand.strings | grep crypt
Connection is encrypted_


Again, not proof.

May 17, 2020 2:29 PM in response to BobHarris

Yes, I recall there was an option, and I agree it makes the most sense that Apple made it the default. They almost certainly wouldn't have regressed.


And we're familiar with the SSH tunneling but that adds one layer of (99% probably) unnecessary complexity that the non-tech folks might not be able to handle. (As an aside I sometimes use the tunneling method to improve the speed of a Screen Sharing connection cross-country - maybe TCP is faster in this case than UDP?)


It just doesn't make sense that they wouldn't advertise it, because such security is very important for commercial and government customers. The mods edited out my Three Letter Agency backdoor theory, so please ignore that :)




[Edited by Moderator]

May 17, 2020 3:23 PM in response to BobHarris

As you then said, RFB is "Remote Framebuffer (Protocol)" and v 3.8 is described by RFC 6143 which says:


Note that after the security handshaking phase, it is possible that
further communication is over an encrypted or otherwise altered
channel if the two ends agree on an extended security type beyond the
ones described here. 

...

The RFB protocol as defined here provides no security beyond the
optional and cryptographically weak password check described in
Section 7.2.2.  In particular, it provides no protection against
observation of or tampering with the data stream.  It has typically
been used on secure physical or virtual networks.

Security methods beyond those described here may be used to protect
the integrity of the data.  The client and server might agree to use
an extended security type to encrypt the session, or the session
might be transmitted over a secure channel such as IPsec [RFC4301] or
SSH [RFC4254].


Now here is a source that assigns Apple RFB security types 30-35, referenced to a Mr. Stein at apple.com in a 2011 email. That's where the trail ends for me.
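The RFC 6143 security handshake the post quotes, as an added example that is not from this thread or from Apple: a small Python parser for the server's ProtocolVersion and security-type offer, plus a probe you can point at your own Mac's port 5900 to see whether it offers anything beyond the baseline "None" / "VNC Authentication" types. The 30-35 Apple assignment is taken from the post above (an assumption here); every other type name comes from RFC 6143 section 7.1.2.

```python
"""Parse the RFB security handshake (RFC 6143 section 7.1) to see which
security types a VNC / Screen Sharing server offers.  Added example."""
import socket
import struct

# Names from RFC 6143 section 7.1.2.  30-35 are the Apple types the thread
# mentions; that mapping is an assumption taken from the post, not the RFC.
SECURITY_TYPES = {0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2",
                  6: "RA2ne", 16: "Tight", 17: "Ultra", 18: "TLS", 19: "VeNCrypt",
                  20: "GTK-VNC SASL", 21: "MD5 hash", 22: "Colin Dean xvp"}
SECURITY_TYPES.update({t: "Apple (extended)" for t in range(30, 36)})

def parse_version(data):
    """Return (major, minor) from the 12-byte ProtocolVersion message."""
    if len(data) < 12 or data[:4] != b"RFB " or data[11:12] != b"\n":
        raise ValueError("not an RFB ProtocolVersion message")
    return int(data[4:7]), int(data[8:11])

def parse_security_types(data, minor):
    """Return the security types the server offers; raise if it refused.
    3.7/3.8: U8 count then count U8 types (count 0 = failure, followed by a
    U32 length and reason string).  3.3: one U32 type (0 = failure)."""
    if minor < 7:
        (t,) = struct.unpack(">I", data[:4])
        if t == 0:
            (n,) = struct.unpack(">I", data[4:8])
            raise ConnectionError(data[8:8 + n].decode("latin-1", "replace"))
        return [t]
    n = data[0]
    if n == 0:
        (length,) = struct.unpack(">I", data[1:5])
        raise ConnectionError(data[5:5 + length].decode("latin-1", "replace"))
    return list(data[1:1 + n])

def assess(types):
    """Flag an offer that holds nothing beyond the RFC 6143 baseline types
    (None / VNC Authentication), i.e. no extended type that could encrypt."""
    names = [SECURITY_TYPES.get(t, f"unknown({t})") for t in types]
    return {"types": names, "baseline_only": all(t in (1, 2) for t in types)}

def probe(host, port=5900, timeout=5):
    """Connect, answer the version handshake, return the offered types.
    Assumes the 12-byte greeting and the type list each arrive in one read."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        major, minor = parse_version(s.recv(12))
        minor = min(minor, 8)  # never claim more than RFC 6143's 3.8
        s.sendall(b"RFB %03d.%03d\n" % (major, minor))
        return parse_security_types(s.recv(256), minor)
```

Running `assess(probe("your-mac.local"))` against a Mac with Screen Sharing enabled shows what the server actually offers; an offer that is baseline-only means the session cannot be encrypted by an extended type and belongs inside the ssh tunnel described earlier in the thread.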
