One of the most
useful features on Apple devices is AirDrop. It allows users of Apple devices
to easily migrate data to other Apple devices. AirDrop is now said to have a
bug that allows hackers to steal users' phone numbers and email addresses.
According to a
study from the Technical University of Darmstadt, AirDrop has a flaw that could
enable a stranger to learn the phone numbers and email addresses of AirDrop
users. The researchers said that all they need is a Wi-Fi-capable computer and
physical proximity, to a target that starts the discovery process by opening
the sharing pane on an iOS or macOS device.
For clarity,
AirDrop compares a user's phone number and email address to entries in the
address book of the computer,with which it is about to exchange data using a
shared authentication mechanism. The researchers discovered that by being close
to the target and using a Wi-Fi-enabled computer, hackers can gain access to
this data. The detection process will be started by opening a file-sharing
panel on an iOS or macOS computer.
“The discovered
issues are rooted in Apple's use of hash functions for “obfuscating” the
exchanged phone numbers and email addresses during the discovery process,”
researchers wrote in a blog post, adding that hashing fails to provide
‘privacy-preserving communication discovery,' and that hash values can be
reversed using simple brute-force techniques. To put it another way, hackers
can easily decipher the encrypted data containing phone numbers and email
addresses.
The researchers
also reported that they notified Apple of the vulnerability in May of last year.
However, the company has taken no action in this regard, placing the lives of
more than 1.5 billion Apple computer owners in jeopardy. “The only way for
users to protect themselves is to disable AirDrop discovery in the device settings
and avoid using the sharing menu,” researchers said.
Apple has been a
lot in the news recently, since the launch of new products and features last week,
namely the Airtag. Apple today announced AirTag, a lightweight and elegantly
crafted accessory that works with Apple's ‘Find My app’, to help you keep track
of and find the things that matter most.
AirTag, whether
attached to a handbag, keys, backpack, or other object, connects to the
massive, global ‘Find My network’ and can assist in the recovery of a lost
item, all while keeping location data private and anonymous thanks to
end-to-end encryption. AirTag will be available starting Friday, April 30 in
one and four-packs for $29 and $99, respectively.
Apple's vice
president of Worldwide iPhone Product Marketing, Kaiann Drance, said,
"We're excited to bring this amazing new functionality to iPhone users
with the launch of AirTag, leveraging the vast Find My network, to help them
keep track of and find the important things in their lives." “AirTag will
provide consumers with another way to harness the strength of the Apple
ecosystem and improve the flexibility of iPhone with its interface,
unparalleled finding experience, and built-in privacy and security features”,
he added.