Investigators found data vulnerability in Apple AirDrop

Apple is one of the largest technology companies, yet it falls short here when it comes to security. Hackers can access AirDrop data and steal users' phone numbers and email addresses.

This issue has been known since 2019 and has not yet been fixed or acknowledged by the company, although it now affects almost 1.5 billion Apple devices.

According to a report by security researchers at the University of Darmstadt in Germany, the root of the problem lies in the way AirDrop shares files between Apple devices, using the default email address and contact list.

According to the investigators, because AirDrop uses a “mutual authentication mechanism” that has to compare phone numbers and email addresses, a hacker can easily intercept this information. To do this, they only need a device with Wi-Fi access and to be close to the user who is sharing via AirDrop.

All of this can happen even if the hacker is not part of the user’s list of phone contacts or email addresses. Both the person sending and the person receiving the files are subject to this type of theft.

Apple tries to protect the phone numbers and email addresses exchanged through “obfuscation”, but investigators have found that this does not prevent “brute force” attacks.
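Why this kind of obfuscation fails against brute force, as an added example that is not code from the researchers or from Apple: a hash of a phone number can be matched by hashing every number in the same numbering block. The use of SHA-256, the function names and the sample number (from the fictional 555-01xx range) are assumptions made for illustration.

```python
import hashlib
import math
from typing import Iterable, Optional


def obfuscate(identifier: str) -> str:
    """Unsalted hash of a contact identifier (SHA-256 is an assumption here)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def search_space_bits(digits: int) -> float:
    """Entropy, in bits, of a number with `digits` free decimal digits."""
    return digits * math.log2(10)


def candidates(prefix: str, free_digits: int) -> Iterable[str]:
    """Every number in a numbering block: fixed prefix plus free digits."""
    for n in range(10 ** free_digits):
        yield f"{prefix}{n:0{free_digits}d}"


def recover(observed_hash: str, prefix: str, free_digits: int) -> Optional[str]:
    """Return the identifier whose hash matches, or None if outside the block."""
    for number in candidates(prefix, free_digits):
        if obfuscate(number) == observed_hash:
            return number
    return None


# Constructed sample: a fictional number, not taken from any real capture.
SAMPLE_NUMBER = "+12025550147"
SAMPLE_HASH = obfuscate(SAMPLE_NUMBER)

if __name__ == "__main__":
    # Only 4 digits vary in this constructed block, so 10,000 hashes suffice.
    print("recovered:", recover(SAMPLE_HASH, "+1202555", 4))
    # A full 10-digit national number is about 33 bits; a 256-bit digest
    # cannot add entropy that the input never had.
    print("bits in 10 digits: %.1f" % search_space_bits(10))
```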

Researchers at the University of Darmstadt have developed “PrivateDrop”, which can replace AirDrop. This method allows exchanges between devices without exchanging hash values that could otherwise be easily deciphered. All of this can occur with a delay of about one second. The project is available on GitHub.

