This study addresses the longstanding lack of security research on Apple’s baseband interfaces, particularly focusing on the undocumented Apple Remote Invocation (ARI) protocol—a potential remote code execution attack surface that has remained unexamined. The authors present the first systematic reverse engineering and fuzzing analysis of ARI in iOS, leveraging custom Ghidra scripts to automate protocol parsing and generate a Wireshark dissector. They also evaluate the effectiveness of static tracing methodologies in this context. The resulting open-source toolkit, ARIstoteles, not only uncovers insufficient testing and security blind spots within the ARI interface but also establishes foundational infrastructure for future research, thereby filling a critical gap in the security analysis of Apple’s baseband components.

Wireless chips and interfaces expose a substantial remote attack surface. As of today, most cellular baseband security research is performed on the Android ecosystem, leaving a huge gap on Apple devices. With iOS jailbreaks, last-generation wireless chips become fairly accessible for performance and security research. Yet, iPhones were never intended to be used as a research platform, and chips and interfaces are undocumented. One protocol to interface with such chips is Apple Remote Invocation (ARI), which interacts with the central phone component CommCenter and multiple user-space daemons, thereby posing a Remote Code Execution (RCE) attack surface. We are the first to reverse-engineer and fuzz-test the ARI interface on iOS. Our Ghidra scripts automatically generate a Wireshark dissector, called ARIstoteles, by parsing closed-source iOS libraries for this undocumented protocol. Moreover, we compare the quality of the dissector to fully-automated approaches based on static trace analysis. Finally, we fuzz the ARI interface based on our reverse-engineering results. The fuzzing results indicate that ARI does not only lack public security research but also has not been well-tested by Apple. By releasing ARIstoteles open-source, we also aim to facilitate similar research in the future.