AirDrop could be hacked to reveal personal information, researchers say

AirDrop is a fast, simple way to transfer files, photos, videos and more from one Apple device to another.

Charles Wagner/CNET

Apple’s popular AirDrop feature for sharing files may be vulnerable to hacking attempts, according to security researchers at a German university. In a post published on Friday, researchers at Technische Universitat Darmstadt said that a nearby stranger could discover the phone number and email of an AirDrop user due to a privacy gap in the feature. 

The issue, which was earlier reported by Gizmodo, apparently stems from the “Contacts Only” option in AirDrop, which uses a “mutual authentication mechanism” to check whether a user’s phone number and email is in someone else’s contacts list, according to the researchers. The information is encoded in hash during this process, but a bad actor in “physical proximity to a target” could pick up the information and quickly reverse the privacy measures using “simple techniques such as brute-force attacks,” said the researchers. 

The university first informed Apple of the potential vulnerability in May 2019, the researchers said, but the issue hasn’t been addressed in subsequent software updates. 

The team has put forward its own alternative called “Private Drop” that doesn’t “rely on exchanging vulnerable hash values.”

Apple didn’t respond to a request for comment. 

Source link

Related Articles

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Back to top button