Menu
Security firm warns of ‘significant privacy leak’ in AirDrop

Security firm warns of ‘significant privacy leak’ in AirDrop

German researchers outline flaw in Apple's wireless delivery system that could expose personal data.

Credit: Apple

AirDrop is a convenient way to share files and photos with the people around you, but a team of security researchers is warning that a flaw could allow strangers to steal your personal information even if they're locked out of the system.

The significant privacy leak was uncovered by researchers from the Technical University of Darmstadt in Germany, who claim they informed Apple about the leak nearly two years ago but it still exists. According to the report, the user doesn't even need to share a file to be vulnerable.

As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.

The problem stems from Apple's use hash functions to hide phone numbers and email addresses during the AirDrop discovery process. However, the TU researchers claim that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.

Once the share sheet comes up and AirDrop starts looking for people nearby, your information is exposed and vulnerable to attack, the researchers claim.

Privacy is one of Apple's main focuses with its products, and it goes to great lengths to make sure your personal information isn't shared without your consent. For example, Sign In with Apple uses a private email relay service so companies can't see your personal address.

They developed a solution using optimised cryptographic private set intersection protocols that can securely perform the contact discovery process without leaving personal data vulnerable. The group says that Apple has neither acknowledged the problem nor indicated that they are working on a solution. The researchers will publish their findings in August at the USENIX Security Symposium.


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Apple

Events

Featured

Slideshows

Channel kicks 2021 into gear as After Hours returns to Auckland

Channel kicks 2021 into gear as After Hours returns to Auckland

After Hours made a welcome return to the channel social calendar with a bumper crowd of partners, distributors and vendors descending on The Pantry at Park Hyatt in Auckland to kick-start 2021.

Channel kicks 2021 into gear as After Hours returns to Auckland
The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards

Hundreds of leaders from the New Zealand IT industry gathered at the Hilton in Auckland on 17 November to celebrate the finest female talent in the Kiwi channel and recognise the winners of the Reseller News Women in ICT Awards (WIICTA) 2020.

The Kiwi channel gathers for the 2020 Reseller News Women in ICT Awards
Show Comments