AirDrop Security Flaw Exposes 1.5 Billion Apple Devices, Researchers Say

mood · Apr 24, 2021

AirDrop Security Flaw Exposes 1.5 Billion Apple Devices, Researchers Say
April 22, 2021
https://gizmodo.com/airdrop-security-flaw-exposes-1-5-billion-apple-devices-1846747548

Apple’s AirDrop feature is a convenient way to share files between the company’s devices, but security researchers from Technische Universitat Darmstadt in Germany are warning that you might be sharing way more than just a file.

According to the researchers, it’s possible for strangers to discover the phone number and email of any nearby AirDrop user. All a bad actor needs is a device with wifi and to be physically close by. They can then simply open up the AirDrop sharing pane on an iOS or macOS device. If you have the feature enabled, it doesn’t even require you to initiate or engage with any sharing to be at risk, according to their findings.
Click to expand...

mood · Apr 24, 2021

Apple’s AirDrop leaks users’ PII, and there’s not much they can do about it
April 24, 2021
https://arstechnica.com/gadgets/202...pii-and-theres-not-much-they-can-do-about-it/

AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking user emails and phone numbers, and there's not much anyone can do to stop it other than to turn it off, researchers said.
Two years of silence from Apple
The researchers say they privately notified Apple of their findings in May 2019. A year and a half later, they presented Apple with "PrivateDrop," a reworked AirDrop they developed that uses private set intersection, a cryptographic technique that allows two parties to perform contact discovery process without disclosing vulnerable hashes. The implementation of PrivateDrop is publicly available on GitHub.

"Our prototype implementation of PrivateDrop on iOS/macOS shows that our privacy-friendly mutual authentication approach is efficient enough to preserve AirDrop's exemplary user experience with an authentication delay well below one second," the researchers wrote in a post summarizing their work.
Click to expand...

As of this week, Apple has yet to indicate if it has plans to adopt PrivateDrop or employ some other way to fix the leakage. Apple representatives didn't respond to an email seeking comment for this post.
Click to expand...

Rasheed187 · Apr 24, 2021

That's why I have never trusted this stuff related to Bluetooth. It should never be enabled by default.

Log in or Sign up

AirDrop Security Flaw Exposes 1.5 Billion Apple Devices, Researchers Say

mood Updates Team

mood Updates Team

Rasheed187 Registered Member

Log in or Sign up

AirDrop Security Flaw Exposes 1.5 Billion Apple Devices, Researchers Say

mood Updates Team

mood Updates Team

Rasheed187 Registered Member

Useful Searches