A new report by researchers at a German university suggests that the Wi-Fi and Bluetooth powered Apple-to-Apple data transfer tech could expose your phone number and email address to a stranger who is in Wi-Fi range. All the stranger would need to do is be in range.
Technische Universitat Darmstadt researchers suggest that simply opening an iOS or macOS sharing panel could expose personal information to people in range. This could reportedly happen even without beginning a transfer for third parties and can expose a “significant security risk” they said, as per a report by Trusted Reviews.
“As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device,” Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) said in a press release.
“The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks,” the report added.
How can you stay safe from the vulnerability?
The researchers say that 1.5 billion users could be vulnerable to the issue. However, Apple hasn’t acknowledged the problem yet. For now, the researchers suggest that the only way for users to keep themselves safe from the vulnerability is to completely turn AirDrop off.