A group of researchers from Darmstadt University of Technology, Germany, has discovered a new privacy vulnerability in AirDrop, the feature that enables file sharing between Apple devices. More than 1.5 billion Apple devices are reported to be at risk because of the privacy gap, which Apple has not yet closed.
Phone numbers and email addresses may be exposed
AirDrop is a feature that Apple users love: because it makes sharing files between Apple devices extremely easy, users often prefer it. However, the two-stage privacy issue discovered in AirDrop can lead to the exposure of Apple users’ mobile phone numbers and email addresses.
Researchers say the privacy problem in AirDrop is caused by the weak encryption mechanism used for the data exchanged between the two devices during the authentication process.
Experts detailing the problem, which may cause data breaches, state that the first vulnerability stems from the “contacts only” option that AirDrop offers for file-sharing permission. When the “contacts only” option is enabled, AirDrop tries to show only contacts from the phonebook as recipients by default. To do this, the system tries to determine whether the devices in range belong to a person registered in the phonebook, and performs mutual authentication with the device on the other side. An encryption mechanism is also used to hide the phone numbers and email addresses exchanged during this discovery. However, the researchers state that they managed to defeat this mechanism and reach the data using simple techniques such as brute force. For this is all they need,
More than 1.5 billion devices vulnerable since 2019
The researchers stated that they informed Apple about the vulnerability in May 2019 but received no response from Apple. This means that more than 1.5 billion Apple devices are currently at risk. Experts state that Apple users can protect themselves from a possible attack by keeping AirDrop off for now.