Apple AirDrop

Apple’s AirDrop technology is extremely convenient for anyone in the Apple ecosystem. It allows sharing files such as photos and videos wireless across iOS, iPadOS, and macOS devices. The proprietory tech uses both Wi-Fi and Bluetooth to establish a wireless connection and exchange files. It is being reported that the tech is vulnerable to data leaks and that it could leak users’ phone numbers and email addresses.

According to researchers from Germany’s Technical University of Darmstadt (via Gadgets360), AirDrop has a vulnerability that could impact Apple users. It is said that the problem exists within the use of hash functions. For the unaware, hash functions exchange phone numbers and email addresses during the discovery process. However, not all users are affected. That said, anyone who has set their receive settings to Everyone is at risk.

As per the researchers, if you have your settings set to Off or Contacts Only and if you have your share sheet open with AirDrop to look for other devices to connect, you are at risk.

How does this AirDrop vulnerability work?

Apple uses the novel SHA-256 hash functions to encrypt your private data such as phone number and email address while using AirDrop. These hashes can’t be converted into the cleartext by a novice. However, according to the researchers, an attacker who has a Wi-Fi-enabled device and is in physical proximity can initiate a process to decrypt the encryption.

There are two specific ways to exploit the flaws. First, the attacker could gain access to the user details once they are in proximity and open the share sheet on their Apple device. Secondly, the attacker could open the share menu and then look for a nearby device to perform a mutual authentication handshake with a responding receiver. However, this case is only valid if you have set the discovery of your devices on AirDrop to Everybody.




I’ve been associated with the tech industry since 2014 when I built my first blog. I’ve worked with Digit, one of India’s largest tech publications. As of now, I’m working as a News Editor at Pocketnow, where I get paid to use and write about cutting-edge tech. You can reach out to me at [email protected]

You May Also Like
Amazon Music HD
HD music for all: Amazon continues what Apple started
All Amazon Music Unlimited subscribers can now enjoy lossless music from Amazon Music HD’s catalog without paying an extra dollar.
Where to buy the Samsung Galaxy S20
New Netflix competitor might actually be one to look out for
All of this combined will have over 100 popular and trusted brands in one global portfolio.
Facebook
Facebook already in trouble with governments over WhatsApp data collection
We hope that Facebook will someday realize that its users don’t want their data to be collected over WhatsApp or any other app