Researchers find a scary data vulnerability in Apple’s AirDrop

By Arif Bacchus Published April 24, 2021

Digital Trends

Hackers can tap into AirDrop data and pull your phone number or your email address. This issue has been known since 2019 and has yet to be patched or acknowledged by Apple, though it impacts almost 1.5 billion Apple devices today.

According to a report from security researchers at Germany’s Technical University of Darmstadt, the core of this issue is the way in which AirDrop shares files between Apple devices using the address book and contacts list as an option by default. Per the researchers, since AirDrop leverages “a mutual authentication mechanism,” to compare phone numbers, as well as email addresses, a hacker can easily intercept this information using “a Wi-Fi-capable device” that is nearby to an Apple user sharing through MacOS, iOS, or iPadOS via AirDrop. A proof of concept attack can be found on GitHub.

Recommended Videos

This can be done even if the hacker isn’t in the user’s address book or contacts list. It happens both ways, via Sender Leakage, as well as Receiver Leakage, according to the researchers.

Apple does try to protect the exchanged phone numbers and email addresses via “obfuscating,” but security researchers have found that it does not prevent the reversing of hash values. These can be “quickly reserved,” according to security researchers, through brute force attacks.

The researchers at the Technical University of Darmstadt have developed “PrivateDrop” which can replace AirDrop’s flawed design. This solution is reportedly based on optimized cryptographic private set intersection protocols.

This means it can complete exchanges between certain devices without exchanging the hash values that could otherwise be interpreted. This all can occur with a delay time of around a second. This project is available on GitHub, for those interested in the research behind what went into developing it.

Since Apple hasn’t yet officially released a fix, you can try to avoid using or completely turn off AirDrop if you are concerned. To do this on an iPhone or an iPad, click Settings > General. From there, tap AirDrop > Receiving Off. On MacOS, you can turn off AirDrop by clicking to the Control Center next to the date and time, choosing AirDrop, and then toggling the switch to Off. Additional details are available via Apple if you wish to learn more about AirDrop on MacOS.

Topics

Former Digital Trends Contributor

Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…

Mobile

The iOS 18.2 beta, with new Apple Intelligence features, is here

iOS 18.2 update notification on an iPhone.

Apple has just rolled out the first beta of iOS 18.2, merely a day after seeding a release candidate version of the iOS 18.1 build. The latest beta brings some of the biggest Apple Intelligence features to the table.

The first one is ChatGPT integration. When users bring up Siri and ask it a question the assistant can’t handle, the request will be offloaded to OpenAI’s ChatGPT. “Users are asked before any questions are sent to ChatGPT, along with any documents or photos, and Siri then presents the answer directly,” Apple says.

Mobile

Tim Cook wants you to know he’s confident in Apple’s AI future

Apple's September 2023 event Tim Cook

If you own an iPhone 16 series, you likely purchased it to be among the first to use Apple Intelligence. However, a month after the latest iPhones were released, this highly anticipated AI suite from the largest company in the world has not yet been released to the public. Tim Cook thinks the wait will be worth it.

In a long-ranging interview with The Wall Street Journal, the Apple CEO defends his company’s speed at which it is introducing AI into its products. He also sees a bright future for Apple Vision, even though the first product in a likely series of alternate reality devices, the very expensive Apple Vision Pro, has largely failed to catch on with most users.

Mobile

Apple’s internal tests show Siri isn’t quite ready to beat ChatGPT

Apple Intelligence update on iPhone 15 Pro Max.

With the introduction of the new iPad Mini, Apple made it clear that a software experience brimming with AI is the way forward. And if that meant making the same kind of internal upgrades to a tablet that costs nearly half as much as its flagship phone, the company would still march forward.

However, its ambitions with Apple Intelligence lack competitive vigor, and even by Apple’s own standards, the experience hasn’t managed to wow users. On top of that, the staggered rollout of the most ambitious AI features — many of which are still in the future — has left enthusiasts with a bad impression.