Home>Tech
Better safe than sorry.
ByJack Morse on
Off is nice.Credit: monica chin
Not everything Apple makes "just works" — at least not as intended, anyway.
Security researchers exploring AirDrop, the iOS and macOS feature that lets users wirelessly share files via WiFi and Bluetooth, reported Wednesday on a flaw they say exposes users' emails and phone numbers. Unless you want every creep on the street to be able to secretly grab your contact info, it's a bit of a nightmare.
The researchers, a team made up of members of the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO), claim they alerted Apple to the flaw in May of 2019. However, according to them, the company never responded.
"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," reads Tuesday's press release. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device."
We reached out to Apple to confirm the findings and to ask if indeed it was alerted to the vulnerability in 2019. We received no immediate response.
Notably, this is not the first questionable privacy situation tied to AirDrop. In 2019, researchers discovered that they were able to determine users' phone numbers based on the partial hashes AirDrop sends out. It's not clear if that concern was ever addressed by Apple, especially as the vulnerability disclosed this week appears similar in nature.
"The discovered problems are rooted in Apple's use of hash functions for 'obfuscating' the exchanged phone numbers and email addresses during the [AirDrop] discovery process," explains Tuesday's press release. "However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks."
AirDrop is also notorious for its association with digital harassment. Specifically, harassers used the feature for cyber-flashing — wherein a stranger bombards a victim's phone with unwanted photos of a sexual or graphic nature — and sending images associated with white supremacists to people just going about their own business in public.
Tweet may have been deleted
Tweet may have been deleted
Of course, you don't have to deal with any of this.
If you'd rather avoid having your iPhone expose your contact info to creeps and protect yourself from cyber-flashers, you can turn AirDrop off (and disable Bluetooth while you're at it).
SEE ALSO: Apple knows AirTags can be abused and is trying to get ahead of it
It's not a permanent thing — you can always briefly turn AirDrop back on if you need it for some reason — but disabling the feature will provide you with some peace of mind, and hey, that "just works."
Related Video: It's surprisingly easy to be more secure online
TopicsAppleCybersecurityPrivacy
Recommended For You
6 things teens say they really need for their mental health
You may be surprised by what teens want.
By Rebecca Ruiz
Tracking your stress may be more stressful than you imagined
What you should know before you start tracking your stress.
By Rebecca Ruiz
Too much TV screen time for kids: 5 things to know about the risks
Research suggests that too much TV can lead to difficulty processing sensory information.
By Rebecca Ruiz
Get an annual Headspace subscription for 40% off and kickstart your mindfulness routine
Prioritize you.
By Natalli Amato
How to stop caring what people think about you
It's not simple. But it's part of being human.
By Rachel Thompson
Trending on Mashable
NYT Connections today: See hints and answers for March 9
Everything you need to solve 'Connections' #272.
By Mashable Team
Wordle today: Here's the answer and hints for March 9
Here are some tips and tricks to help you find the answer to "Wordle" #994.
By Mashable Team
Space babies and time jumps: How 'Dune: Part Two' handles the challenge of Alia Atreides
"Dune: Part Two" co-writer Jon Spaihts weighs in on what might be "Dune"s trickiest character.
By Belen Edwards
How to watch 'Anatomy of a Fall': Where is the Oscar-nominated film streaming?
Everything you need to know to rent it, buy it, or stream it.
By Christina Buff
M3 MacBook Air vs. M3 MacBook Pro: Which Mac is best for you?
A deep dive into which M3-based MacBook fits your needs.
By Kimberly Gedeon
The biggest stories of the day delivered to your inbox.
This newsletter may contain advertising, deals, or affiliate links. Subscribing to a newsletter indicates your consent to our Terms of Use and Privacy Policy. You may unsubscribe from the newsletters at any time.
Thanks for signing up. See you at your inbox!
- TECH
- SCIENCE
- LIFE
- SOCIAL GOOD
- ENTERTAINMENT
- BEST PRODUCTS
- DEALS
- About Mashable
- Contact Us
- We're Hiring
- Newsletters
- Sitemap
Mashable supports Group Black and its mission to increase greater diversity in media voices and media ownership. Group Black's collective includes Essence, TheShadeRoom and Afro-Punk.
©2005–2024 Mashable, Inc., a Ziff Davis company. All Rights Reserved.
Mashable is a registered trademark of Ziff Davis and may not be used by third parties without express written permission.
- About Ziff Davis
- Privacy Policy
- Terms of Use
- Advertise
- Accessibility
- Do Not Sell My Personal Information