Hackers can access it AirDrop data and drag out your phone number or your email address. This issue has been known since 2019 and has yet to be patched or acknowledged by Apple, although it affects nearly 1.5 billion Apple devices today.

According to a report by Security researcher at the Technical University of Darmstadt, At the heart of this problem is the way AirDrop shares files between Apple devices, using the address book and contact list as an option by default. According to the researchers, a hacker can easily intercept this information using a “Wi-Fi enabled device” located near an Apple user share because AirDrop uses “a mutual authentication mechanism” to share phone numbers as well as email – Compare addresses via MacOS, iOS or iPadOS via AirDrop. A proof of Concept attack can be found on GitHub.

It can do this even if the hacker is not in the user’s address book or contact list. According to the researchers, this happens in both directions, both via transmitter leakage and via receiver leakage.

Apple tries to use “obfuscation” to protect the phone numbers and e-mail addresses exchanged, but security researchers have determined that this does not prevent hash values ​​from being reversed. According to security researchers, these can be “quickly reserved” through brute force attacks.

The researchers at the Technical University of Darmstadt have claimed to have developed “PrivateDrop”, which can replace the faulty design of AirDrop. This solution is reportedly based on optimized cryptographic intersection protocols for private sentences.

This means that the exchange between certain devices can be completed without having to exchange the hash values ​​that could otherwise be interpreted. All of this can occur with a delay time of about a second. This project is available on GitHub, for those interested in the research behind the development.

Since Apple hasn’t officially released a fix yet, you can try to avoid using it or switch off AirDrop completely if you are concerned. To do this, click on an iPhone or iPad Settings> General. From there, tap AirDrop> Receive off. On MacOS, you can turn off AirDrop by clicking and selecting the Control Center next to Date and Time AirDropand then toggle the switch to Out. more details are available from Apple If you want to learn more about AirDrop on macOS.

Editor’s recommendations

Source link

Leave a Reply