Apple’s AirDrop flaw could expose users’ data such as phone numbers and email addresses, warns security experts.
Researchers from Germany’s the Technical University of Darmstadt discovered a vulnerability that could affect any Apple user who uses AirDrop to share files.
The researchers discovered that the issue is caused by the use of hash functions, which share phone numbers and email addresses during the discovery process.
While this is worrying, users are only compromised in certain situations. For starters, User who set receive settings to Everyone is vulnerable.
However, even if your settings are set to Off or Contacts Only, the researchers warn that if you have your share sheet open with AirDrop (where your computer is searching for other devices to connect), you are at risk.
The vulnerability was outlined in a paper by the researcher’s group, which included five experts from the university’s Secure Mobile Networking lab and the Cryptography and Privacy Engineering Group.
According to the paper’s descriptions, there are two distinct ways to manipulate the flaws. In one example, the intruder may gain access to the user information if they are nearby and open the sharing sheet or share menu on their iPhone, iPad, or Mac.
In the second example, however, the attacker may open a share sheet or share menu on their computer and then search for a nearby device to execute a mutual authentication interaction with a responding receiver.
AirDrop is Apple’s patented wireless technology that was launched in 2011 and is used for wirelessly sharing files such as images and videos through iOS, iPadOS, and macOS computers.
It establishes a wireless link and exchanges files using both Wi-Fi and Bluetooth. However, the shared authentication method used by AirDrop can be exploited to steal a user’s phone number and email address. Security experts have also alerted Apple in 2019 also.
AirDrop is a preloaded service on over 1.5 billion Apple devices, all of which are reportedly vulnerable due to the bug discovered by the researchers.
At the time of publication, Apple had not responded to a request for comment on whether it was working to resolve the issue.
This is not the first time that AirDrop has been discovered to have a security flaw. In August 2019, it was discovered that the service had a flaw that enabled attackers to access information.