Skip to main content

Researchers find a scary data vulnerability in Apple’s AirDrop

Digital Trends

Hackers can tap into AirDrop data and pull your phone number or your email address. This issue has been known since 2019 and has yet to be patched or acknowledged by Apple, though it impacts almost 1.5 billion Apple devices today.

According to a report from security researchers at Germany’s Technical University of Darmstadt, the core of this issue is the way in which AirDrop shares files between Apple devices using the address book and contacts list as an option by default. Per the researchers, since AirDrop leverages “a mutual authentication mechanism,” to compare phone numbers, as well as email addresses, a hacker can easily intercept this information using “a Wi-Fi-capable device” that is nearby to an Apple user sharing through MacOS, iOS, or iPadOS via AirDrop. A proof of concept attack can be found on GitHub.

Recommended Videos

This can be done even if the hacker isn’t in the user’s address book or contacts list. It happens both ways, via Sender Leakage, as well as Receiver Leakage, according to the researchers.

Apple does try to protect the exchanged phone numbers and email addresses via “obfuscating,” but security researchers have found that it does not prevent the reversing of hash values. These can be “quickly reserved,” according to security researchers, through brute force attacks.

The researchers at the Technical University of Darmstadt have developed “PrivateDrop” which can replace AirDrop’s flawed design. This solution is reportedly based on optimized cryptographic private set intersection protocols.

This means it can complete exchanges between certain devices without exchanging the hash values that could otherwise be interpreted. This all can occur with a delay time of around a second. This project is available on GitHub, for those interested in the research behind what went into developing it.

Since Apple hasn’t yet officially released a fix, you can try to avoid using or completely turn off AirDrop if you are concerned. To do this on an iPhone or an iPad, click Settings > General. From there, tap AirDrop > Receiving Off. On MacOS, you can turn off AirDrop by clicking to the Control Center next to the date and time, choosing AirDrop, and then toggling the switch to Off. Additional details are available via Apple if you wish to learn more about AirDrop on MacOS.

Arif Bacchus
Arif Bacchus is a native New Yorker and a fan of all things technology. Arif works as a freelance writer at Digital Trends…
This iPhone prototype has a feature Apple hasn’t released yet
A close-up of the iPhone 14 Pro's camera module.

Before the iPhone 15 Pro launched, a lot of people suspected Apple would ditch its physical buttons in lieu of haptic feedback buttons. As we now know, that didn't happen, nor did any of the iPhone 16 lineup receive this feature. Now, a video of an iPhone 14 Pro prototype has surfaced that shows a working haptic volume and power button — so why didn't it release?

An anonymous source told Android Headlines that Apple isn't yet ready to add the feature into its existing lineup. Haptic controls — supposedly code=named internally as "Bongo" — have been in development for quite some time, even before the launch of the iPhone 13 series. The prototype iPhone 14 is said to have been built in May 2021, and though it does have some interesting features, it isn't fully functional.

Read more
I compared Apple’s and Samsung’s AI photo editing tools. There’s a clear winner
The Samsung Galaxy S24 Ultra and Apple iPhone 16 Pro Max's screen.

Apple has joined the AI game with Apple Intelligence, finally catching up to its competitors in that department. And with the iOS 18.1 update in October, most people who have a compatible iPhone can finally use those Apple Intelligence tools, including Clean Up.

The Clean Up tool in the Photos app is basically Apple’s version of Google’s Magic Eraser or Samsung’s Object Eraser. Back when I compared Magic Eraser and Object Eraser, Samsung’s tool was the better of the two. So, how does Apple’s Clean Up compare? Let’s find out.
The limitations of object removal tools

Read more
Apple’s latest Find My feature taps airlines to rescue lost luggage
Share Item Location feature introduced with iOS 18 beta 2 update.

Apple’s Find My platform for item location is one of the most lucrative elements of its ecosystem. Now, the company is introducing a new feature called Share Item Location, which allows users to securely share the location of any accessory (or item with an AirTag attached) with friends or commercial airline service providers.

To that end, the company has joined hands with over 15 airline service providers operating across North America, Australia, Asia, and Europe to help passengers locate their lost items. The airline partners will kick-start their respective tracking assistance services in the coming months.

Read more