
Apple's AirDrop discovered to leak users' personal data 2 years ago, still not fixed

The Apple Inc logo is seen hanging at the entrance to the Apple store on 5th Avenue in Manhattan, New York, US, Oct 16, 2019.
PHOTO: Reuters

Apple’s AirDrop is reported to be leaking users’ personal information like emails and phone numbers.

According to the researchers at the Department of Computer Science at the University of Darmstadt in Germany who discovered the glitch, every time a user opens a sharing panel on macOS or iOS, they are leaking hashes and disclosing their details.

The glitch detailed by the researchers lies in the Contacts Only setting. To share a file with someone via AirDrop, you use the iOS Sharing feature and specify AirDrop as the tool.

If the other person's AirDrop is set to Contacts Only, Apple needs to determine if you're in that person's contact list.

To do this, Apple uses an authentication process that compares your phone number and email address with entries in the other person's address book.

To protect your phone number and email address during this process, Apple relies on a hashing function to obscure that information. However, it was discovered that this hashing fails to adequately protect the privacy of the data.


So, a savvy stranger could reverse the hash values through certain techniques, including brute force attacks, thereby uncovering your email address and phone number.
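Why hashing alone gives little protection here, as an added example that is not from the original article, the researchers or Apple: a phone number has so few possible values that every candidate can be hashed and compared. The article does not name the hash function, so SHA-256, the constructed number, the key and all function names are assumptions.

```python
import hashlib
import hmac
import math
import os

# Constructed sample value (fictional 555 range), not a real subscriber number.
SAMPLE_NUMBER = "+15555550142"

def hash_identifier(phone: str) -> str:
    """Unsalted hash of a normalised phone number (SHA-256 is an assumption)."""
    return hashlib.sha256(phone.encode()).hexdigest()

def keyspace_bits(unknown_digits: int) -> float:
    """Entropy in bits of a number with this many unknown decimal digits."""
    return unknown_digits * math.log2(10)

def recover_by_enumeration(target: str, prefix: str, unknown_digits: int):
    """Hash every number under a known prefix; return the one that matches."""
    for n in range(10 ** unknown_digits):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if hash_identifier(candidate) == target:
            return candidate
    return None

def keyed_identifier(phone: str, key: bytes) -> str:
    """Keyed hash (HMAC). A general mitigation for hashed identifiers when the
    observer cannot obtain the key; not presented as Apple's design."""
    return hmac.new(key, phone.encode(), hashlib.sha256).hexdigest()

if __name__ == "__main__":
    # A full 10-digit national number carries only about 33 bits of entropy,
    # far less than the 128+ bits expected of a secret.
    print(f"10 unknown digits: {keyspace_bits(10):.1f} bits")

    # Kept to 4 unknown digits (10,000 candidates) so the demo runs instantly.
    leaked = hash_identifier(SAMPLE_NUMBER)
    print("unsalted hash reversed to:",
          recover_by_enumeration(leaked, "+1555555", 4))

    # The same enumeration finds nothing when the digest depends on a secret key.
    keyed = keyed_identifier(SAMPLE_NUMBER, os.urandom(32))
    print("keyed hash reversed to:",
          recover_by_enumeration(keyed, "+1555555", 4))
```
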

This flaw also extends to other devices that use AirDrop, including iPads and Macs.

Right now, the only way to prevent this from happening is to set AirDrop discovery to "no one" in your settings and to refrain from opening the sharing pane.

The researchers who found this vulnerability claimed that they had notified Apple of their findings privately back in May 2019, but to date, Apple has not acknowledged or fixed it.

This article was first published in Hardware Zone.
