Apple’s AirDrop is one of the most popular features for Apple users to share content between two Apple devices. A flaw has now been found in AirDrop that can potentially expose the private data of a user who is in Wi-Fi range. The flaw, found by researchers at Technische Universität Darmstadt, a German university, means that simply opening an iOS or macOS sharing panel could expose personal information to people in range. This could reportedly happen even without initiating a file transfer and can pose a significant risk.

According to a report in Trusted Reviews, which first reported on this flaw, it could expose users’ phone numbers and email addresses to a stranger who is in Wi-Fi range. The report said that the researchers at the university raised this issue with Apple back in 2019 and the company hasn’t fixed it yet. They said that the issue lies in the weak hashing of phone numbers and email addresses associated with the Apple user. “All strangers need to do is be in the vicinity in order to snoop,” the report said.
The Trusted Reviews report also cited a press release from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) as saying, “As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.” The problems, according to the report, lie in Apple’s use of hash functions. The researchers from TU Darmstadt had already shown that hashing fails to provide privacy-preserving contact discovery and that hash values can be reversed using simple techniques.
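Why hashing a phone number does not hide it can be shown on constructed data. The following is an added example, not code from the researchers or from Apple; it assumes plain unsalted SHA-256 (the article does not name the hash function) and uses a made-up number from the fictional 555-01xx range.

```python
import hashlib
import math


def digest(identifier: str) -> str:
    # Assumption: plain unsalted SHA-256 over the identifier string.
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def keyspace_bits(unknown_digits: int) -> float:
    """Entropy, in bits, of a number with this many unknown decimal digits."""
    return unknown_digits * math.log2(10)


def recover_from_digest(target: str, prefix: str, unknown_digits: int):
    """Hash every number in the space and compare with the target digest.

    Returns (number, guesses_used), or (None, guesses_used) when the
    digest does not belong to any number in the enumerated space.
    """
    total = 10 ** unknown_digits
    for guesses, n in enumerate(range(total), start=1):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if digest(candidate) == target:
            return candidate, guesses
    return None, total


if __name__ == "__main__":
    sample = "+12025550147"  # constructed sample number, not a real subscriber
    observed = digest(sample)  # what a party holding only the hash would see

    # Known prefix, four unknown digits: at most 10,000 hashes to try.
    print(recover_from_digest(observed, "+1202555", 4))

    # The digest is 256 bits long, but the input carries far less entropy.
    print(f"10 unknown digits = {keyspace_bits(10):.1f} bits of entropy")
```

The length of the digest is irrelevant here: the input space is small enough to enumerate, so the hash works as a lookup key rather than as protection for the identifier.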
The researchers said that 1.5 billion Apple users are affected by this issue, but Apple still hasn’t acknowledged the issue. The researchers were further quoted as saying that the only way to avoid falling prey to this flaw is to stop using AirDrop, at least until Apple issues a fix.