Skip to main content

Researchers find a scary data vulnerability in Apple’s AirDrop

Digital Trends

Hackers can tap into AirDrop data and pull your phone number or your email address. This issue has been known since 2019 and has yet to be patched or acknowledged by Apple, though it impacts almost 1.5 billion Apple devices today.

According to a report from security researchers at Germany’s Technical University of Darmstadt, the core of this issue is the way in which AirDrop shares files between Apple devices using the address book and contacts list as an option by default. Per the researchers, since AirDrop leverages “a mutual authentication mechanism,” to compare phone numbers, as well as email addresses, a hacker can easily intercept this information using “a Wi-Fi-capable device” that is nearby to an Apple user sharing through MacOS, iOS, or iPadOS via AirDrop. A proof of concept attack can be found on GitHub.

This can be done even if the hacker isn’t in the user’s address book or contacts list. It happens both ways, via Sender Leakage, as well as Receiver Leakage, according to the researchers.

Apple does try to protect the exchanged phone numbers and email addresses via “obfuscating,” but security researchers have found that it does not prevent the reversing of hash values. These can be “quickly reserved,” according to security researchers, through brute force attacks.

The researchers at the Technical University of Darmstadt have developed “PrivateDrop” which can replace AirDrop’s flawed design. This solution is reportedly based on optimized cryptographic private set intersection protocols.

This means it can complete exchanges between certain devices without exchanging the hash values that could otherwise be interpreted. This all can occur with a delay time of around a second. This project is available on GitHub, for those interested in the research behind what went into developing it.

Since Apple hasn’t yet officially released a fix, you can try to avoid using or completely turn off AirDrop if you are concerned. To do this on an iPhone or an iPad, click Settings > General. From there, tap AirDrop > Receiving Off. On MacOS, you can turn off AirDrop by clicking to the Control Center next to the date and time, choosing AirDrop, and then toggling the switch to Off. Additional details are available via Apple if you wish to learn more about AirDrop on MacOS.

Editors' Recommendations

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
An Apple insider just revealed how iOS 18’s AI features will work
An iPhone 15 Pro Max laying face-down outside, showing the Natural Titanium color.

As Apple’s Worldwide Developers Conference (WWDC) inches closer, the chatter around the company’s AI work has taken a feverish turn. In a year when smartphone and computing brands have focused solely on AI niceties, Apple has been uncharacteristically silent around the AI hype — eliciting concern about the brand missing the train.

However, a new report has given us a closer look at how Apple's AI dreams may come to fruition with its iOS 18 update later this year.
New details on Apple's AI plans

Read more
Here’s how Apple could change your iPhone forever
An iPhone 15 Pro Max laying on its back, showing its home screen.

Over the past few months, Apple has released a steady stream of research papers detailing its work with generative AI. So far, Apple has been tight-lipped about what exactly is cooking in its research labs, while rumors circulate that Apple is in talks with Google to license its Gemini AI for iPhones.

But there have been a couple of teasers of what we can expect. In February, an Apple research paper detailed an open-source model called MLLM-Guided Image Editing (MGIE) that is capable of media editing using natural language instructions from users. Now, another research paper on Ferret UI has sent the AI community into a frenzy.

Read more
There’s a big problem with the iPhone’s Photos app
The Apple iPhone 15 Plus's gallery app.

While my primary device these days continues to be my iPhone 15 Pro, I’ve dabbled with plenty of Android phones since I’ve been here at Digital Trends. One of my favorite brands of phone has been the Google Pixel because of its strong suite of photo-editing tools and good camera hardware.

Google first added the Magic Eraser capability with the Pixel 6 and Pixel 6 Pro, which is a tool I love using. Then, with the Pixel 8 series, Google added the Magic Editor, which uses generative AI to make edits that wouldn’t be possible otherwise. There are also tools like Photo Unblur, which is great for old photographs and enhancing images that were captured with low-quality sensors.

Read more