Apple AirDrop Reportedly Has A Data Leakage Vulnerability Affecting All Users
Apple's AirDrop can be an incredibly useful utility or just something to send memes to friends sitting nearby. Either way, it is possible that you could be sending more than you bargained for, as researchers have found that an attacker could glean the phone number and email of AirDrop users. Evidently, the researchers reported this privacy issue in 2019, but a reported 1.5 billion users are still vulnerable as Apple has seemingly done nothing.
Earlier this week, researchers at the Technical University of Darmstadt published a blog post outlining their findings about AirDrop. By way of background, AirDrop allows users to share files with address book contacts. To verify that someone is in an address book, AirDrop uses a "mutual authentication mechanism" to compare a user's phone number and email with entries in the other user's address book.
As it turns out, an attacker can gain information just by having a "Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device." The issue stems from how the authentication mechanism handles the phone number and email: they are sent over the air as hashes, and those hashes could be brute-forced.
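Why a hash does not hide a phone number is easiest to see by counting the possible inputs. The following is an added example, not code from the article or the researchers; it assumes plain SHA-256 (the article only says the identifiers are hashed), a constructed fictional 555 number, and an assumed hash rate.

```python
import hashlib
import math


def contact_hash(identifier: str) -> str:
    """Assumed scheme: unsalted SHA-256 of the identifier string."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def recover_number(target_hash: str, prefix: str, digits: int):
    """Try every number that starts with `prefix` and has `digits` unknown
    trailing digits; return the one whose hash matches, or None."""
    for n in range(10 ** digits):
        candidate = f"{prefix}{n:0{digits}d}"
        if contact_hash(candidate) == target_hash:
            return candidate
    return None


def search_space_bits(digits: int) -> float:
    """Entropy of a number with `digits` unknown decimal digits, in bits."""
    return digits * math.log2(10)


def worst_case_seconds(digits: int, hashes_per_second: float) -> float:
    """Time to try every candidate at an assumed hash rate."""
    return 10 ** digits / hashes_per_second


if __name__ == "__main__":
    # Constructed sample: a fictional number from the reserved 555-01xx range.
    observed = contact_hash("+12025550143")

    # With the prefix known, only 10**4 candidates remain.
    print("recovered:", recover_number(observed, "+1202555", 4))

    # A full 10-digit national number is about 33 bits of entropy, far
    # below the 256-bit hash output, so the hash adds no secrecy.
    print("bits:", round(search_space_bits(10), 1))

    # 1e6 hashes/second is an assumed, deliberately modest rate.
    print("worst case seconds:", worst_case_seconds(10, 1e6))
```

The digest length is irrelevant here: what bounds the work is the number of valid phone numbers, which is why hashing alone cannot protect low-entropy identifiers such as phone numbers.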
In 2019, the researchers who found this problem informed Apple, but they are now reporting that Apple has not acknowledged the problem "nor indicated that they are working on a solution." Therefore, nearly 1.5 billion Apple device users around the world could be vulnerable to personal data leakage. Until Apple issues a proper fix, the workaround is to disable AirDrop entirely if you are concerned.
(AirDrop Crack Image Courtesy Of TU Darmstadt)