Also read: Apple AirTag: what is it, how does it work, Android support, and more
Table of Contents
How does the AirDrop flaw work?
“As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device,” said Secure Mobile Networking Lab and the Cryptography and Privacy Engineering Group in a press release.
The problem is apparently rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt showed that hashing fails to provide privacy-preserving contact discovery as the so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.
How to protect yourself from the AirDrop flaw?
According to the researchers, over 1.5 billion users could be vulnerable to the AirDrop flaw. Apple is yet to acknowledged the bug, so there is no official way to fix this as of now. However, researchers suggest that one way users can safeguard themselves from strangers is by disabling AirDrop when not in use. It would also be wise to keep AirDrop discoverable by your contacts only instead of everyone.