The flaw has been discovered in 2019.
Airdrop is an easy way to share files between Apple’s devices. It used to be a safe way to share files. But not anymore, if we’re going to heed to security researchers’ warning.
Apple AirDrop Security Flaw
Security researchers from the Technical University of Darmstadt in Germany sent out a press release about a paper that they’re going to present during a Usenix conference this year.
According to the researchers, uninvited people can access the shared data via the flawed AirDrop.
The team of security researchers developed a solution that could resolve the flaw. However, Apple hasn’t closed the gap yet.
It means that over 1.5 billion users of Apple devices are vulnerable.
Hackers can learn the AirDrop users’ phone numbers and email addresses. All they need is a device with Wi-Fi capacity.
The bad actors can open up the sharing pane of AirDrop on either an iOS or a macOS device.
Thus, if you enable this feature, these bad actors can see your phone numbers, emails, and other data.
What’s more frightening is that hackers can still access them even if you don’t engage with any sharing or initiate sharing, as long as this feature is enabled.
“The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.” — Security Researchers
However, security flaws are common in many devices. Security researchers are finding vulnerabilities all the time.
Apple and other tech companies have a system that allows researchers to report a fix or disclose a flaw.
In most cases, these security risks aren’t disclosed until the risks have been fixed.
However, the security researchers alerted Apple about this flaw in 2019. But Apple hasn’t acknowledged it.
The iPhone maker also didn’t say anything whether or not it’s working on a solution.
Cryptographic Protocols
As mentioned, the security researchers presented a solution to the problem. It involves the use of cryptographic protocols, which don’t end exchanging vulnerable hash values.
Apple prioritizes consumer privacy. And its devices are more secure than other devices.
Although Airdrop is convenient, it’s also a popular yet notorious way to harass someone digitally.
For instance, a bad actor can send unwanted photos to another person whose AirDrop feature has been enabled.
Despite the lack of action from Apple, there’s a simple solution to this security flaw. You can just disable the AirDrop feature. If you need to share a file with someone, you can enable it again briefly.
Furthermore, if you have to enable the feature, you have to change Everyone mode to Contacts only. It’s especially true if you’re in a public place, like a shopping mall or a busy coffee shop.
Then, you should also make sure to get the recipient’s name on-screen. In this way, you can avoid picking a similar yet bogus name.
