Researchers find a scary data vulnerability in Apple’s AirDrop

By Arif Bacchus Published April 24, 2021

Digital Trends

Hackers can tap into AirDrop data and pull your phone number or your email address. This issue has been known since 2019 and has yet to be patched or acknowledged by Apple, though it impacts almost 1.5 billion Apple devices today.

According to a report from security researchers at Germany’s Technical University of Darmstadt, the core of this issue is the way in which AirDrop shares files between Apple devices using the address book and contacts list as an option by default. Per the researchers, since AirDrop leverages “a mutual authentication mechanism,” to compare phone numbers, as well as email addresses, a hacker can easily intercept this information using “a Wi-Fi-capable device” that is nearby to an Apple user sharing through MacOS, iOS, or iPadOS via AirDrop. A proof of concept attack can be found on GitHub.

Recommended Videos

This can be done even if the hacker isn’t in the user’s address book or contacts list. It happens both ways, via Sender Leakage, as well as Receiver Leakage, according to the researchers.

Please enable Javascript to view this content

Apple does try to protect the exchanged phone numbers and email addresses via “obfuscating,” but security researchers have found that it does not prevent the reversing of hash values. These can be “quickly reserved,” according to security researchers, through brute force attacks.

The researchers at the Technical University of Darmstadt have developed “PrivateDrop” which can replace AirDrop’s flawed design. This solution is reportedly based on optimized cryptographic private set intersection protocols.

This means it can complete exchanges between certain devices without exchanging the hash values that could otherwise be interpreted. This all can occur with a delay time of around a second. This project is available on GitHub, for those interested in the research behind what went into developing it.

Since Apple hasn’t yet officially released a fix, you can try to avoid using or completely turn off AirDrop if you are concerned. To do this on an iPhone or an iPad, click Settings > General. From there, tap AirDrop > Receiving Off. On MacOS, you can turn off AirDrop by clicking to the Control Center next to the date and time, choosing AirDrop, and then toggling the switch to Off. Additional details are available via Apple if you wish to learn more about AirDrop on MacOS.

Topics

Former Digital Trends Contributor

Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…

News

Apple’s futuristic iPhone display may not be released for a while longer

Someone holding an iPhone 16, showing a home screen.

If you wish to use an iPhone with virtually no bezels around the screen, you will need to wait a little longer than initially thought. A new industry report says the release of Apple's long-rumored OLED display with "zero bezels" for the iPhone has slid further into an uncertain timeline.

South Korean outlet The Elec, which was the first to report of the existence of a "zero-bezel" iPhone display, has now reported the launch date is unforeseeable because the technology "is not yet developed enough."

Mobile

I finally have RCS on my iPhone, and it’s one of my favorite iOS 18 features

An iPhone 16 Pro showing RCS messaging.

Apple’s Messages app has certainly come a long way. When the first iPhone launched in 2007, it could only send SMS -- there weren't even picture messages. Then it got MMS protocol support in iPhone OS 3.0 with the iPhone 3GS. With iPhone OS 5.0, Apple implemented its own iMessage chat protocol, making it easy for Apple users to communicate with other Apple device users.

However, when it came to messaging Android users, Apple dragged its feet for the longest time, sticking with SMS and MMS, which aren’t encrypted and don't offer full-quality photo and video sending. It also sparked the whole blue bubble versus green bubble war.

Mobile

Is your child safe from inappropriate apps on Apple App Store? A report says no

App Store screenshot on iPhone.

Apps aimed at children have been available since the inception of the App Store. However, not all apps created for minors are safe to use. This is the main finding of a new survey conducted by two child safety organizations. The report presents the results of a 24-hour research study in which 800 apps were reviewed, and the findings are concerning.

The Heat Initiative and ParentsTogether Action study found that Apple's App Store is a mass distributor of risky and inappropriate apps to children. Many apps have features that put children at risk of sexual abuse and exploitation, low self-esteem and poor body image, disordered eating, exposure to sexual and violent content, and more. Apple claims that the App Store is a safe place for children, but the study found that Apple takes no legal responsibility for the veracity of age ratings.

nproxy.org