This is a piece of important news for users of Apple devices. AirDrop, which is one of the most popular features to share content between two Apple devices, has now been diagnosed with a flaw that can potentially expose all the private data of a user in the WiFi range, MSN.com reported.
Researchers at Technische Universitat Darmstadt in Germany suggest that simply opening an iOS or macOS sharing panel could expose personal information to people in range. This could reportedly happen even without initiating a file transfer and can expose a significant risk. As many as 1.5 billion users are likely to be affected by this issue, but Apple hasn’t acknowledged it yet. The researchers were further quoted as saying that the only way to avoid falling prey to this flaw is to stop using AirDrop, at least until Apple issues a fix.
According to a report in Trusted Reviews, where the flaw was first published, it could expose users’ phone numbers and email addresses to a stranger who is in the WiFi range. The report said that the researchers at the University (Technische Universitat) raised this issue with Apple back in 2019 but the company hasn’t fixed it yet. They said that the issue lies in the weak hashing of phone numbers and email addresses associated with the Apple user. “All strangers need to do is be in the vicinity in order to snoop,” the report said.
The Trusted Reviews report also cited a press release from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) as saying, “As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.” The problems, according to the report lie in Apple’s use of hash functions.