AirDrop flaws could leak phone numbers, email addresses

You can only stay safe by disabling AirDrop discovery in the system settings of your Apple device, a study says



Two security loopholes in Apple’s AirDrop feature could let hackers access the phone numbers and email addresses associated with both the sending and receiving device, German researchers have found. The feature, which lets users easily transfer files between Macs, iPhones and iPads, is present in more than 1.5 billion Apple devices.


The two vulnerabilities are classified as severe and affect AirDrop’s authentication protocol, according to the paper PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop, written by a research team from the Technical University of Darmstadt, Germany.


“In particular, the flaws allow an adversary to learn contact identifiers (i.e., phone numbers and email addresses) of nearby AirDrop senders and receivers. The flaws originate from the exchange of hash values of such contact identifiers during the discovery process, which can be easily reversed using brute-force or dictionary attacks,” reads the paper.
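The reason hashing does not hide a contact identifier is the small input space. The following is an added illustration, not code from the paper or from Apple. It assumes a plain unsalted SHA-256 over the identifier string, a constructed sample number in the fictional 555 range, and an arbitrary hash rate used only for the time estimate.

```python
import hashlib
import math
from typing import Optional


def identifier_hash(identifier: str) -> str:
    # Assumption: unsalted SHA-256 over the identifier string.
    # The article does not name the hash function used in discovery.
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def search_space_bits(unknown_digits: int) -> float:
    # Secrecy a hash can add is capped by the entropy of its input:
    # n unknown decimal digits give n * log2(10) bits.
    return unknown_digits * math.log2(10)


def worst_case_seconds(unknown_digits: int, hashes_per_second: float) -> float:
    # Time to try every candidate at an assumed hash rate.
    return 10 ** unknown_digits / hashes_per_second


def enumerate_preimage(target: str, known_prefix: str,
                       unknown_digits: int) -> Optional[str]:
    # Walk the whole candidate space; return the matching identifier, if any.
    for n in range(10 ** unknown_digits):
        candidate = f"{known_prefix}{n:0{unknown_digits}d}"
        if identifier_hash(candidate) == target:
            return candidate
    return None


# Constructed sample value, not a real subscriber number.
SAMPLE_NUMBER = "+15555550123"
OBSERVED_HASH = identifier_hash(SAMPLE_NUMBER)

if __name__ == "__main__":
    print(f"10 unknown digits = {search_space_bits(10):.1f} bits of input entropy")
    print(f"worst case at an assumed 1e9 hashes/s: {worst_case_seconds(10, 1e9):.0f} s")
    # Small constructed space (4 unknown digits) so the run finishes instantly.
    print("recovered:", enumerate_preimage(OBSERVED_HASH, "+1555555", 4))
```

A 256-bit digest of a roughly 33-bit input still carries only about 33 bits of secrecy, which is why the paper's title points to a privacy-preserving authentication design rather than a stronger hash.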


The stolen identifiers could, for example, be used for spear-phishing campaigns, or the combination of phone number and email could be sold on the dark web, where other cybercriminals could abuse them for a range of nefarious ends.


A cybercriminal who wants to exploit the flaws would have to be in close physical proximity to their victims and possess a device with an off-the-shelf Wi-Fi card in order to be able to communicate using the Apple Wireless Direct Link (AWDL) protocol, which is used in AirDrop and AirPla ..
