Researchers Discover Scary Knowledge Vulnerability in Apple AirDrop

Hackers can access AirDrop data and get your phone number or email address. This issue has been known since 2019 and has yet to be patched or acknowledged by Apple, although it affects nearly 1.5 billion Apple devices today.

According to a report by security researchers at the Technical University of Darmstadt, the core of this problem is the way AirDrop exchanges files between Apple devices, using the address book and contact list by default. According to the researchers, a hacker can easily intercept this information using a "Wi-Fi enabled device" located near an Apple user share because AirDrop uses "a mutual authentication mechanism" to share phone numbers as well as email – Compare addresses via MacOS, iOS or iPadOS via AirDrop. A proof-of-concept attack can be found on GitHub.

It can do this even if the hacker is not in the user's address book or contact list. According to the researchers, this happens in both directions, both via transmitter leakage and via receiver leakage.

Apple tries to use "obfuscation" to protect the phone numbers and e-mail addresses exchanged, but security researchers have found that this does not prevent hash values ​​from being reversed. According to security researchers, these can be “quickly reserved” through brute force attacks.

The researchers at the Technical University of Darmstadt have claimed to have developed "PrivateDrop", which can replace the faulty design of AirDrop. This solution is reportedly based on optimized cryptographic intersection protocols for private sentences.

This means that the exchange between certain devices can be completed without having to exchange the hash values ​​that could otherwise be interpreted. All of this can occur with a delay time of about a second. This project is available on GitHub for those interested in the research behind the development.

Since Apple hasn't officially released a fix yet, you can try avoiding AirDrop or turning it off altogether if you have concerns. To do this, click Settings> General on an iPhone or iPad. From there, tap AirDrop> Receive. On MacOS, you can turn off AirDrop by clicking the Control Center next to Date and Time, selecting AirDrop, and then flipping the switch to Off. For more information, please contact Apple if you would like to learn more about AirDrop on macOS.

Editor's recommendations

Leave a Reply

Your email address will not be published. Required fields are marked *