Apple AirDrop Vulnerability Affects 1.5 Billion Devices
Apple’s AirDrop is a pretty useful feature that allows you to transfer files to nearby Apple devices instantly. However, sometimes devices can send more data than users expect. Security researchers have discovered that hackers can obtain a user’s phone number and email address using AirDrop. Approximately 1.5 billion devices are affected by this vulnerability.
Earlier this week, researchers at the Technical University of Darmstadt posted a blog post about their AirDrop manipulation. The vulnerability is based on the fact that AirDrop uses a mutual authentication mechanism to compare the user’s phone number and email with the entries in the address book of the device with which data is being exchanged. The researchers found that attackers can obtain this data by having a Wi-Fi-enabled device and being close to the target, which initiates the detection process by opening a file-sharing panel on an iOS or macOS device. The vulnerability is caused by the way the phone number and email address are hashed during authentication.
The researchers note that they first drew attention to this problem back in 2019 and immediately informed Apple about it. However, the Californian tech giant has yet to take any action to address the vulnerability. For users who are afraid of data leaks, researchers recommend turning off AirDrop completely.
