Apple devices’ most useful features, AirDrop allow users to transfer data to other Apple devices seamlessly. According to an information, AirDrop is riddled with a bug, enabelling hackers to steal users’ phone numbers and email addresses.
A report by the Technical University of Darmstadt stated that, AirDrop has a bug that could lead an attacker to learn the phone numbers and email addresses of users even as a complete stranger. According to the researchers in a blog post, “All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.”
AirDrop, has a mutual authentication mechanism to compare a user’s phone number and email address with the entries in the address book of the device with which it is about to share the data. During the research, it was found that the hackers can get their hands on this data by being close to the target and having a Wi-Fi-enabled device, initiating the detection process by opening a file-sharing panel on an iOS or macOS device.
Adding in the blog post, the researchers have discovered hat hashing fails to provide ‘privacy-preserving contact discovery’ and that the hash values can be reversed using simple brute-force techniques, “The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process.” In short, hackers can easily decode the encoded data containing phone numbers and email addresses easily.
The researchers also mentioned that back in My 2019, they have already informed Apple about this vulnerability, however, the company hasn’t taken any action in this regard putting more than 1.5 billion Apple device owners at a risk. “Users can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing menu,” said the researchers.