Apple’s AirDrop technology is a much easier way to share photos, contact information and more, but a security flaw could mean sharing details with more people than you bargained for.
Wi-Fi and Bluetooth-powered Apple-to-Apple data transfer tech can expose your phone number and email address to a stranger in the Wi-Fi range, according to researchers at a major German university.
Researchers working out Technische Universitat Darmstadt say that just opening an iOS or macOS sharing pan can reveal your personal information. They state that it is also not necessary for third parties to initiate transfers to highlight “significant security risks”.
In the findings published this week, the researchers say that it raised the issue of Apple coming back in 2019 and the company is yet to fix it. They say the problem lies in the weak hashing of phone numbers and email addresses associated with Apple’s user. All strangers must be in the vicinity to smell.
In Press release Researchers from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) write: “As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. They only have A target requires a Wi-Fi-enabled device and physical proximity, which starts the discovery process by opening a sharing pane on an iOS or macOS device. “
“The problems discovered lie in the use of hash functions for” obfuscating “exchanged phone numbers and email addresses during the search process. However, researchers at TU Darmstadt have already shown that hashing provides privacy-preserving contact discovery Fails because so-called hash values can be quickly inverted using simple techniques such as brute-force attacks. “
Researchers say that 1.5 billion users are potentially sensitive to the issue, but Apple has not acknowledged the problem, let alone try to fix it. Researchers say that currently the only way to guard against this is to shut down the airdrop.