Apple AirDrop flaw could reveal personal data to anyone: Report

By Ashika Rajan, Trainee Reporter
  • Follow author on
Representational Image

According to a new report from researchers at a German University, the Wi-Fi and Bluetooth-powered Apple-to-Apple data transfer tech AirDrop could expose your phone number and email address to a stranger who is in the Wi-Fi range.

All the stranger had to do was be within range. German-based Technische Universitat (TU) Darmstadt researchers suggest that simply opening an iOS or macOS sharing panel may reveal personal information to anyone in range.

According to reports, a scenario where this could happen even though no transfer for third parties is initiated, exposes a “significant security risk.”

Apple AirDrop

The reports suggested that “as an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users even as a stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.”

“The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks,” the report added.

How do you protect yourself from danger?

The researchers said that 1.5 billion users may be affected. Apple, on the other hand, is yet to acknowledge the problem. For now, the researchers suggest that the only way to protect yourself from the vulnerability is to turn off AirDrop entirely.

Related: Apple unwraps new M1 powered iMacs, iPads and more at its latest event