Apple bug lets hackers steal AirDrop users’ phone numbers, email addresses
The report says that more than 1.5 billion Apple device owners are at risk.
AirDrop is one of Apple devices’ most useful features. It enables Apple device users to transfer data to other Apple devices seamlessly. Now, AirDrop is reported to have a bug that enables hackers to steal users’ phone numbers and email addresses.
According to a report by the Technical University of Darmstadt, AirDrop has a bug that could let an attacker, even a complete stranger, learn the phone numbers and email addresses of AirDrop users. “All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device,” the researchers wrote in a blog post.
By way of background, AirDrop uses a mutual authentication mechanism that compares a user’s phone number and email address with the entries in the address book of the device with which it is about to share data. The researchers found that hackers can get their hands on this data by being close to the target and having a Wi-Fi-enabled device. The target starts the discovery process by opening the sharing pane on an iOS or macOS device.
“The discovered problems are rooted in Apple's use of hash functions for ‘obfuscating’ the exchanged phone numbers and email addresses during the discovery process,” the researchers said in the blog, adding that hashing fails to provide ‘privacy-preserving contact discovery’ and that the hash values can be reversed using simple brute-force techniques. Put simply, hackers can easily recover the phone numbers and email addresses from the hash values exchanged during discovery.
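The following added example (not code from the researchers or from Apple) shows why hashing a phone number does not hide it: the set of valid numbers is small enough to enumerate and compare against the hash. It assumes unsalted SHA-256, uses a constructed number from the fictional 555-01xx range, and its function names and the hash rate are hypothetical.

```python
import hashlib


def digest(identifier: str) -> str:
    """Hash a contact identifier (assumption: unsalted SHA-256)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def enumerate_preimage(target_hash: str, known_prefix: str, unknown_digits: int):
    """Walk every number sharing known_prefix until one hashes to target_hash.

    Returns (recovered_identifier_or_None, candidates_hashed).
    """
    space = 10 ** unknown_digits
    for n in range(space):
        candidate = f"{known_prefix}{n:0{unknown_digits}d}"
        if digest(candidate) == target_hash:
            return candidate, n + 1
    return None, space


def seconds_to_exhaust(unknown_digits: int, hashes_per_second: float) -> float:
    """Worst-case time to hash every number with this many unknown digits."""
    return 10 ** unknown_digits / hashes_per_second


if __name__ == "__main__":
    # Constructed sample: a fictional number, not a real subscriber.
    observed = digest("+12025550143")

    # Country code, area code and exchange known; 4 subscriber digits unknown.
    recovered, tried = enumerate_preimage(observed, "+1202555", 4)
    print(f"recovered {recovered} after {tried} hashes")

    # Even with all 10 national digits unknown, the space is only 10**10.
    # Assumed rate: 1e6 hashes/s, a deliberately slow single-core figure.
    print(f"full 10-digit space: {seconds_to_exhaust(10, 1e6):.0f} s worst case")
```

The hash function is not what fails here. The input has too little entropy, so a stronger digest gives the same result.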
The researchers also said that they informed Apple about this vulnerability back in May 2019. The company, however, hasn’t taken any action in this regard, putting more than 1.5 billion Apple device owners at risk. “Users can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing menu,” researchers said.