Apple AirDrop Vulnerability Could Expose Private Data To Anyone Within Wi-Fi Range, Company Yet to Issue a Fix

Let’s take a look at the new Apple AirDrop flaw and the risks associated with it.


Apple users often brag about AirDrop, one of Apple’s key features that makes file sharing easier for those living in the Apple ecosystem. While the feature is widely popular, a new flaw could be a cause of worry for MacBook and iPhone users. According to a new report, researchers at Technische Universität Darmstadt have found a new AirDrop flaw. This vulnerability can expose users’ data to anyone within Wi-Fi range. The researchers claim to have informed Apple about the bug in May 2019. However, Apple is yet to acknowledge or resolve the issue.

Apple AirDrop flaw could reveal your personal information to strangers when in Wi-Fi range

Security researchers have reported a flaw in Apple’s AirDrop. According to the researchers, Apple is yet to fix the bug that was reported in May 2019.

If the vulnerability continues to exist, it could put the personal information of over 1.5 billion Apple users at risk. All an attacker needs is a device with Wi-Fi connectivity and “physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.”

The researchers at Technische Universität Darmstadt claim that the flaw is a combination of two issues. The first is AirDrop’s access to a user’s contact list. “As sensitive data is typically exclusively shared with people who users already know, AirDrop only shows receiver devices from address book contacts by default. To determine whether the other party is a contact, AirDrop uses a mutual authentication mechanism that compares a user’s phone number and email address with entries in the other user’s address book,” the report reads.

The second cause of risk, the report added, is Apple’s use of a relatively weak hashing mechanism to obscure the phone numbers and email addresses being compared. Researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery, as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.
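Why hashing gives so little protection here, as an added example that is not from the researchers' report or Apple's code: a phone number has a small, enumerable input space, so an unsalted hash of it can be matched by trying every candidate. SHA-256, the sample number, the known prefix and the hash rate are all assumptions made for illustration.

```python
import hashlib
import math


def digest(phone: str) -> str:
    """Unsalted hash of a phone number (SHA-256 is an assumption here)."""
    return hashlib.sha256(phone.encode()).hexdigest()


def entropy_bits(unknown_digits: int) -> float:
    """Upper bound on the entropy of a number with this many unknown digits."""
    return unknown_digits * math.log2(10)


def exhaustive_seconds(unknown_digits: int, hashes_per_second: float) -> float:
    """Worst-case time to hash every candidate at an assumed hash rate."""
    return 10 ** unknown_digits / hashes_per_second


def recover(target: str, prefix: str, unknown_digits: int):
    """Hash every number under `prefix`; return the one matching `target`."""
    for n in range(10 ** unknown_digits):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if digest(candidate) == target:
            return candidate
    return None


# Constructed sample: a fictional number from the reserved 555-01xx range.
SAMPLE = "+12025550147"
# Assumption: country code, area code and exchange are known, 4 digits are not.
PREFIX = "+1202555"

if __name__ == "__main__":
    observed = digest(SAMPLE)  # what a nearby device would see instead of the number
    print("recovered:", recover(observed, PREFIX, 4))
    # A full 10-digit national number carries at most about 33 bits of entropy,
    # far below the 128 bits expected of a secret key.
    print("entropy bits:", round(entropy_bits(10), 1))
    # At an assumed one million hashes per second the whole space takes hours.
    print("worst-case seconds:", exhaustive_seconds(10, 1e6))
```

The hash function's strength is irrelevant to the outcome: the output can never hide more than the input space contains, which is why the researchers' fix replaces the hash exchange rather than swapping in a different hash.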

The researchers have proposed a replacement, dubbed PrivateDrop, which they claim takes a more secure approach. However, Apple is yet to acknowledge the issue and the potential solution.
