Researchers at a German university have discovered a new AirDrop vulnerability. If exploited, the flaw could reveal a user’s phone number and email address to nearby people via AirDrop without the user’s consent.
In the study “AirDrop shares more than files,” researchers at Technische Universität Darmstadt have identified how the AirDrop flaw works, and how it does not even require a transfer to occur. The researchers say that Apple was notified of the issue back in May 2019. Apple, though, hasn’t acknowledged the issue and hasn’t released any update regarding it.
“Studies by TU researchers at the Department of Computer Science show that uninvited people can also tap into data.”
The study first explains how AirDrop works. By default, AirDrop is set to ‘Contacts Only.’ In this mode, it checks whether each user is in the other’s contacts by performing a ‘mutual authentication’ that compares a user’s phone number and email address with entries in the other user’s address book.
The study reveals that even though the authentication is encrypted, it is ‘weak.’ It says that an attacker can find out the phone numbers and email addresses of nearby AirDrop users.
“The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. Researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techni ..
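Why hashing does not hide a phone number, as an added example that is not code from the study or from Apple: phone numbers come from a small, structured space, so every candidate can be hashed and compared against an observed value. The unsalted SHA-256, the function names, the rate of one million hashes per second and the fictional 555-01xx number are assumptions made for this illustration.

```python
import hashlib
import math

def obfuscate(identifier: str) -> str:
    """Unsalted SHA-256 of a contact identifier (scheme assumed for this demo)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()

def keyspace_bits(unknown_digits: int) -> float:
    """Entropy in bits of a number with this many unknown decimal digits."""
    return unknown_digits * math.log2(10)

def seconds_to_enumerate(unknown_digits: int, hashes_per_second: float) -> float:
    """Worst-case time to hash every candidate at the given rate."""
    return 10 ** unknown_digits / hashes_per_second

def recover(target_hash: str, prefix: str, unknown_digits: int):
    """Hash every number under `prefix` and return the one that matches."""
    for n in range(10 ** unknown_digits):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if obfuscate(candidate) == target_hash:
            return candidate
    return None

# Constructed sample: a fictional number from the reserved 555-01xx range.
SAMPLE_NUMBER = "+12025550147"

if __name__ == "__main__":
    observed = obfuscate(SAMPLE_NUMBER)
    # Only 4 digits are treated as unknown so the demo finishes instantly.
    print("recovered:", recover(observed, "+1202555", 4))
    print("bits in 10 digits: %.1f (SHA-256 output: 256)" % keyspace_bits(10))
    print("seconds at 1e6 hashes/s: %.0f" % seconds_to_enumerate(10, 1e6))
```

The hash output is 256 bits wide, but a ten-digit number carries only about 33 bits, so the strength of the hash function is irrelevant: the weakness is the size of the input space.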