Researchers Discover AirDrop Security Flaw That Could Expose Personal Data to Strangers
AirDrop is a feature that allows Apple devices to securely and conveniently transfer files, photos, and more between each other wirelessly. Users can share items with their own devices, friends, family, or even strangers. The convenience and ease of use, however, may be undermined by a newly discovered security flaw.
Researchers at TU Darmstadt have discovered that the process which AirDrop uses to find and verify someone is a contact on a receiver's phone can expose private information. AirDrop includes three modes; Receiving Off, Contacts Only, Everyone. The default setting is Contacts Only, which means only people within your address book can AirDrop photos, files, and more to your device.
The researchers discovered that the mutual authentication mechanism that confirms both the receiver and sender are on each other's address book could be used to expose private information. The researchers claim that a stranger can use the mechanism and its process within the range of an iOS or macOS device with the share panel open to obtain private information. As the researchers explain:
As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.
The discovered problems are rooted in Apple's use of hash functions for "obfuscating" the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.
To determine whether the other party is a contact, AirDrop uses a mutual authentication mechanism that compares a user's phone number and email address with entries in the other user's address book.
According to the researchers, Apple was informed of the flaw in May of 2019, and despite several software updates since then, the flaw remains.
Popular Stories
Apple is preparing to launch a dramatically thinner iPhone this September, and if recent leaks are anything to go by, the so-called iPhone 17 Air could boast one of the most radical design shifts in recent years.
iPhone 17 Air dummy model alongside iPhone 16 Pro (credit: AppleTrack)
At just 5.5mm thick (excluding a slightly raised camera bump), the 6.6-inch iPhone 17 Air is expected to become ...
Apple may have canceled the super scratch resistant anti-reflective display coating that it planned to use for the iPhone 17 Pro models, according to a source with reliable information that spoke to MacRumors.
Last spring, Weibo leaker Instant Digital suggested Apple was working on a new anti-reflective display layer that was more scratch resistant than the Ceramic Shield. We haven't heard...
Despite being more than two years old, Apple's AirPods Pro 2 still dominate the premium wireless‑earbud space, thanks to a potent mix of top‑tier audio, class‑leading noise cancellation, and Apple's habit of delivering major new features through software updates. With AirPods Pro 3 widely expected to arrive in 2025, prospective buyers now face a familiar dilemma: snap up the proven...
Apple has completed Engineering Validation Testing (EVT) for at least one iPhone 17 model, according to a paywalled preview of an upcoming DigiTimes report.
iPhone 17 Air mockup based on rumored design
The EVT stage involves Apple testing iPhone 17 prototypes to ensure the hardware works as expected. There are still DVT (Design Validation Test) and PVT (Production Validation Test) stages to...
This week marks the 10th anniversary of the Apple Watch, which launched on April 24, 2015. Yesterday, we recapped features rumored for the Apple Watch Series 11, but since 2015, the Apple Watch has also branched out into the Apple Watch Ultra and the Apple Watch SE, so we thought we'd take a look at what's next for those product lines, too.
2025 Apple Watch Ultra 3
Apple didn't update the...
All upcoming iPhone 17 models will come equipped with 12GB of RAM to support Apple Intelligence, according to the Weibo-based leaker Digital Chat Station.
The claim from the Chinese leaker, who has sources within Apple's supply chain, comes a few days after industry analyst Ming-Chi Kuo said that the iPhone 17 Air, iPhone 17 Pro, and iPhone 17 Pro Max will all be equipped with 12GB of RAM.
...
In a victory for Epic Games, Apple was today found to be in violation of a 2021 injunction that required it to allow developers to direct customers to third-party purchase options on the web using in-app links.
Judge Yvonne Gonzalez Rogers, who has been handling the Apple vs. Epic Games dispute for the last five years, said that Apple is in "willful violation" of the injunction she issued to ...
Spotify today submitted an app update to Apple that will include information on Spotify plan costs and options to subscribe through weblinks without using the in-app purchase system. Spotify will not need to pay a fee to Apple when customers subscribe to the service using alternate payment methods in the Spotify app.
In a blog post announcing the changes, Spotify said that yesterday's ruling ...
