Apple’s AirDrop Vulnerable to Leak Personal Information Easily Attained by Any Nearby Hackers

The Apple logo is seen on a window of the company's store on February 14, 2021. Apple is yet to acknowledge its recently exposed AirDrop vulnerabilities. (Image: MLADEN ANTONOV/AFP via Getty Images)

A vulnerability in Apple’s AirDrop file transfer system may result in contact information such as email addresses and phone numbers being easily attained by hackers, experts warn. 

Academics from the Technical University of Darmstadt in Germany exposed the problem, which centers on the cryptographic hash functions that obscure personal information during the discovery process when initiating an AirDrop. According to their paper, titled PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop, an attacker needs only to reverse the hashes using what is called a brute-force attack.

“We discovered two severe privacy vulnerabilities in the underlying authentication protocol. In particular, the flaws allow an adversary to learn contact identifiers (i.e., phone numbers and email addresses) of nearby AirDrop senders and receivers…The flaws originate from the exchange of hash values of such contact identifiers during the discovery process, which can be easily reversed using brute-force or dictionary attacks,” the Abstract explained.

During the authentication process, AirDrop typically verifies whether the sender and receiver are in one another’s contact lists before a device is displayed on the other person’s device. However, if you have your receive settings set to “Everyone,” researchers say you are particularly vulnerable. Even if you have your receive settings set to “Receiving Off” or “Contacts Only,” they say you are still vulnerable while your AirDrop app is looking for other devices to connect to.

Apple’s AirDrop file transfer system an easy target

The analysts say a hacker may only need to be within range of a target with a Wi-Fi-capable device and know how to reverse the hashes using brute-force techniques to obtain data from Apple devices without their users’ consent.

“Recovering the preimage of a hashed phone number can be achieved using brute force because the phone number space is relatively small. For example, a U.S. phone number contains an area code followed by 7 digits. Given this small search space, it is feasible to check all possible phone numbers on a PC within seconds,” the researchers explained. 

“Recovering the preimage of a hashed email address is less trivial but possible via dictionary attacks that check common email formats such as [email protected]{ gmail.com,yahoo.com,…}. Alternatively, an attacker could generate an email lookup table from data breaches or use an online lookup service for hashed email addresses.”

The researchers said that they first informed Apple of the vulnerabilities back in May 2019. In October, they announced that they had developed a solution, a program called PrivateDrop, which uses “optimized cryptographic private set intersection protocols that can securely perform the contact discovery process between two users without exchanging vulnerable hash values.”
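The idea behind private set intersection, as an added example that is not from the article or from the PrivateDrop project: a textbook Diffie-Hellman-style PSI sketch, not PrivateDrop's actual protocol. The function names, the RFC 2409 768-bit group and the sample identifiers are assumptions chosen for illustration.

```python
import hashlib
import secrets

# RFC 2409 Oakley Group 1 modulus, a 768-bit safe prime (P = 2Q + 1).
# Demo-sized assumption; a deployment would use a curve or a >= 2048-bit group.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A63A3620FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2

def hash_to_group(identifier: str) -> int:
    """Map an identifier into the order-Q subgroup (the squares mod P)."""
    wide = hashlib.shake_256(identifier.encode()).digest(128)
    return pow(int.from_bytes(wide, "big") % P, 2, P)

def blind(values, key):
    """Raise every group element to one party's secret exponent."""
    return [pow(v, key, P) for v in values]

def new_key() -> int:
    """Fresh secret exponent in [1, Q-1], never sent to the other party."""
    return secrets.randbelow(Q - 1) + 1

def psi_discover(sender_ids, receiver_contacts):
    """Return (sender identifiers found in the receiver's contacts, transcript).
    Both roles run in one process; comments mark what would cross the air."""
    a, b = new_key(), new_key()
    # Sender -> receiver: H(x)^a for each of the sender's own identifiers.
    msg1 = blind([hash_to_group(x) for x in sender_ids], a)
    # Receiver -> sender: (H(x)^a)^b in order, plus H(y)^b for each contact.
    msg2_double = blind(msg1, b)
    msg2_contacts = blind([hash_to_group(y) for y in receiver_contacts], b)
    secrets.SystemRandom().shuffle(msg2_contacts)
    # Sender finishes locally: (H(y)^b)^a equals (H(x)^a)^b only when x == y.
    finished = set(blind(msg2_contacts, a))
    matches = [x for x, d in zip(sender_ids, msg2_double) if d in finished]
    return matches, msg1 + msg2_double + msg2_contacts

if __name__ == "__main__":
    # Constructed sample identifiers (555-01xx numbers, example.com addresses).
    found, _ = psi_discover(["+15555550100", "alice@example.com"],
                            ["alice@example.com", "bob@example.com"])
    print(found)
```

Every value in the transcript is blinded by a secret exponent, so hashing candidate identifiers offline no longer matches anything an eavesdropper captured. The sketch does not stop a participant from learning about identifiers it already holds in its own set.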

However, Apple has yet to either acknowledge the research and solution or inform the public that it is working on its own solution.


AirDrop has been used on iPhone, iPad, and other Mac systems since 2011. More than 1.5 billion users worldwide currently have devices with AirDrop.

Apple’s Find My feature, which uses Bluetooth location tracking, was also recently found to have vulnerabilities that easily leak a person’s location history. The Find My holes were disclosed to Apple in July 2020, and the company has since partly addressed the issues, according to Hacker News.