Researchers find a scary data vulnerability in Apple’s AirDrop

By Arif Bacchus Published April 24, 2021

Digital Trends

Hackers can tap into AirDrop data and pull your phone number or your email address. This issue has been known since 2019 and has yet to be patched or acknowledged by Apple, though it impacts almost 1.5 billion Apple devices today.

According to a report from security researchers at Germany’s Technical University of Darmstadt, the core of this issue is the way in which AirDrop shares files between Apple devices using the address book and contacts list as an option by default. Per the researchers, since AirDrop leverages “a mutual authentication mechanism,” to compare phone numbers, as well as email addresses, a hacker can easily intercept this information using “a Wi-Fi-capable device” that is nearby to an Apple user sharing through MacOS, iOS, or iPadOS via AirDrop. A proof of concept attack can be found on GitHub.

Recommended Videos

This can be done even if the hacker isn’t in the user’s address book or contacts list. It happens both ways, via Sender Leakage, as well as Receiver Leakage, according to the researchers.

Apple does try to protect the exchanged phone numbers and email addresses via “obfuscating,” but security researchers have found that it does not prevent the reversing of hash values. These can be “quickly reserved,” according to security researchers, through brute force attacks.

The researchers at the Technical University of Darmstadt have developed “PrivateDrop” which can replace AirDrop’s flawed design. This solution is reportedly based on optimized cryptographic private set intersection protocols.

This means it can complete exchanges between certain devices without exchanging the hash values that could otherwise be interpreted. This all can occur with a delay time of around a second. This project is available on GitHub, for those interested in the research behind what went into developing it.

Since Apple hasn’t yet officially released a fix, you can try to avoid using or completely turn off AirDrop if you are concerned. To do this on an iPhone or an iPad, click Settings > General. From there, tap AirDrop > Receiving Off. On MacOS, you can turn off AirDrop by clicking to the Control Center next to the date and time, choosing AirDrop, and then toggling the switch to Off. Additional details are available via Apple if you wish to learn more about AirDrop on MacOS.

Topics

Former Digital Trends Contributor

Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…

Mobile

I hate the new Photos app in iOS 18

Photos app on iOS 18.

When Apple launched the iPhone 16 line, it also released iOS 18 to the masses after months of betas. Though the biggest feature of iOS 18 is Apple Intelligence, which didn’t actually launch until the iOS 18.1 release, there are plenty of other things that iOS 18 brings to the table. That includes RCS messaging, more home screen customization, a revamped Control Center, and more.

One app that got a significant redesign in iOS 18 is the Photos app. After around a decade of mostly the same design and what I would call muscle memory, the new Photos app is, well, quite jarring — and I'm not a fan.
The new Photos app is messy
The old Photos app Christine Romero-Chan / Digital Trends

Mobile

A hidden iOS 18.1 upgrade made it harder to extract data from iPhones

A person holding the Apple iPhone 16 Plus.

Apple Intelligence was the most notable upgrade that arrived on iPhones with the iOS 18 series of updates. But it seems Apple reinforced the security protocols in the background that could prevent bad actors from gaining unauthorized access to iPhones that haven’t been unlocked in a while by their legitimate owner.

Earlier this month, 404Media reported that law enforcement officials are troubled by iPhones that are mysteriously rebooting. Citing a report courtesy of officials in Michigan, the outlet notes that the reboots are hampering the ability to access what’s stored on the phones through brute-force unlock methods.

Mobile

Apple quietly nixed this Apple Intelligence feature from iOS 18.2

Image Playground on iPad.

One of the most highly anticipated features of Apple Intelligence, Image Playground, has finally launched in the iOS 18.2 developer and public betas. This artificial intelligence tool, announced in June, enables users to create cartoon-like images from text descriptions. Unfortunately, at least in the beta version, one of Image Playground's announced features is missing.

As first noted on X (formerly Twitter) by @nicolas09f9 (via MacRumors), Image Playground was once expected to feature three design styles: Animation, Illustration, and Sketch. For whatever reason, the latter isn't a choice in the beta.