AirDrop Vulnerability Can Reveal Your Phone Number and Email Address To Others


A new AirDrop vulnerability has been discovered by researchers at a German university. The flaw, if exploited, could reveal a user’s phone number and email address via AirDrop to nearby people without the user’s consent.

In the study “AirDrop shares more than files,” researchers at Technische Universität Darmstadt describe how the AirDrop flaw works and note that it does not even require a transfer to occur. The researchers say that Apple was notified of the issue back in May 2019. Apple, though, hasn’t acknowledged the issue and hasn’t released any update regarding it.

“Studies by TU researchers at the Department of Computer Science show that uninvited people can also tap into data.”

The study first explains how AirDrop works. By default, AirDrop is set to ‘Contacts Only.’ In this mode, it checks whether each user is in the other’s contacts by performing a ‘mutual authentication’ that compares a user’s phone number and email address with entries in the other user’s address book.

The study reveals that even though the authentication is encrypted, it is ‘weak.’ It says that an attacker can find out the phone numbers and email addresses of nearby AirDrop users.

“The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. Researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.”

What the study means is that even if the authentication fails, an attacker can reverse the hashed values exchanged during the authentication process by applying brute-force techniques and find out the user’s number.
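The weakness the researchers describe comes down to the size of the input space, which the following added example illustrates (it is not code from the study or from Apple). It assumes unsalted SHA-256, since the article does not name the hash function, and uses a constructed number from the fictional 555-01xx range with a deliberately small candidate space.

```python
import hashlib
import math


def obfuscate(identifier: str) -> str:
    """Hash a contact identifier. SHA-256 is an assumption for illustration."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def search_space_bits(unknown_digits: int) -> float:
    """Entropy, in bits, of a number with this many unknown decimal digits."""
    return unknown_digits * math.log2(10)


def candidate_space(prefix: str, unknown_digits: int):
    """Every number that shares a known prefix (country and area code)."""
    for n in range(10 ** unknown_digits):
        yield f"{prefix}{n:0{unknown_digits}d}"


def reverse_hash(target: str, prefix: str, unknown_digits: int):
    """Return the identifier whose hash equals target, or None if it is
    not in the enumerated space. The hash gives no protection when the
    space of possible inputs is small enough to walk through."""
    for candidate in candidate_space(prefix, unknown_digits):
        if obfuscate(candidate) == target:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample: a fictional number, hashed as a device might send it.
    observed = obfuscate("+12025550143")

    # A full 10-digit number carries about 33 bits, far below the 256-bit
    # output of the hash, so the output length says nothing about secrecy.
    print(f"10 unknown digits = {search_space_bits(10):.1f} bits")

    # With 5 digits unknown, only 100,000 candidates need to be hashed.
    print("recovered:", reverse_hash(observed, "+120255", 5))
```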

Researchers say that they have notified Apple about the issue but have not yet received any reply.

Do you use AirDrop on your iPhone and iPad? How frequently do you use it? Let us know in the comments section below!

[Via Technische Universität Darmstadt]