AirDrop Flaw that Remains Unpatched Since 2019 can Expose Your Phone Number and Email to Complete Strangers

Submit

A newly discovered security flaw in Apple AirDrop, that has been around since 2019, can expose your phone number and email to strangers.

Turn Off AirDrop as a Security Flaw can Expose Your Phone Number and Email Address to Strangers

AirDrop is considered one of the best features of the Apple ecosystem. It is fast, convenient and does not need a huge learning curve to get started with. Sending files, photos and videos to another iPhone, iPad or Mac user has never been this easy, thanks to AirDrop.

Apple Warns Leakers Again, Says it Misleads Third-Party iPhone Case Manufacturers

However, according to researchers at TU Darmstadt, AirDrop can reveal a user's contact information and email to a stranger. This is made possible using the process which AirDrop goes through in order to check whether or not the person on the receiving end is in your contact list or not.

The most alarming thing here is the fact that Apple has been aware of this security issues since May of 2019 and so far it has not patched anything.

As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.

The discovered problems are rooted in Apple's use of hash functions for "obfuscating" the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.

To determine whether the other party is a contact, AirDrop uses a mutual authentication mechanism that compares a user's phone number and email address with entries in the other user's address book.

If you think this is a huge cause for concern, then it would be wise to turn off AirDrop completely on your iPhone or iPad. You can do so by going to Settings > General > AirDrop and then select Receiving Off. You can also do this on the Mac by launching Finder, click on AirDrop and then set Allow me to be discovered by to No One.

Submit