AirDrop could be hacked to reveal personal information, researchers say (2024)
Apple's popularAirDrop feature for sharing files may be vulnerable to hacking attempts, according to security researchers at a German university. In a post published Friday,researchers at Technische Universitat Darmstadt said that a nearby stranger could discover the phone number and email of an AirDrop user because of a privacy gap in the feature.
The issue, reported earlier by Gizmodo, apparently stems from the Contacts Only option in AirDrop, which uses a "mutual authentication mechanism" to check whether a user's phone number and email is in someone else's contacts list, according to the researchers. The information is encoded in hash during this process, but a bad actor in "physical proximity to a target" could pick up the information and quickly reverse the privacy measures using "simple techniques such as brute-force attacks," said the researchers.
The university first informed Apple of the potential vulnerability in May 2019, the researchers said, but the issue hasn't been addressed in subsequent software updates.
The team has put forward its own alternative, called Private Drop, that doesn't "rely on exchanging vulnerable hash values."
Security researchers warned Apple as early as 2019 about vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they recently used to track down users of the feature, the researchers told CNN, in a case that experts say has sweeping implications for global privacy.
With the proper know-how, an attacker could compile a list of potential hashes and target AirDrop users. In the scenario where a hacker utilizing this technique is in proximity during your AirDrop transfer, they could potentially acquire personal details such as email addresses or phone numbers.
Contacts Only: Only your contacts can see your device. Everyone: All nearby Apple devices using AirDrop can see your device. When you set your AirDrop option to Everyone for 10 Minutes in iOS 16.2 or later, your option reverts to Contacts Only3 after 10 minutes.
Another security risk for AirDrop users is the possibility of a hacker sending an infected file (usually malware or a computer virus if the target is a Mac) on their device. Once you've accepted a malicious AirDrop transfer, the file is sent directly to your downloads folder, where it can execute scripts.
Address: Suite 751 871 Lissette Throughway, West Kittie, NH 41603
Phone: +2366831109631
Job: Sales Producer
Hobby: Creative writing, Motor sports, Do it yourself, Skateboarding, Coffee roasting, Calligraphy, Stand-up comedy
Introduction: My name is Laurine Ryan, I am a adorable, fair, graceful, spotless, gorgeous, homely, cooperative person who loves writing and wants to share my knowledge and understanding with you.
We notice you're using an ad blocker
Without advertising income, we can't keep making this site awesome for you.