Home Cyber Security News Apple AirDrop Vulnerability Exposes Users’ Personal Information – Official Patch Awaited

Apple AirDrop Vulnerability Exposes Users’ Personal Information – Official Patch Awaited

by Abeerah Hashim
AirDrop vulnerability

Apple users relying on the AirDrop feature need to remain cautious while using this feature. Researchers from the Technical University of Darmstadt have discovered a serious security vulnerability in the Apple AirDrop feature.

AirDrop is an innate technology in Apple devices that facilitates users to share data with nearby devices wirelessly. This feature works on Bluetooth and WiFi and allows sending even large files to devices within the range.

While AirDrop provides convenience, it also potentially exposes users’ personal data to others over the air due to the bug.

Apple AirDrop Vulnerability Found

As described on a dedicated website, the researchers found two main issues due to the Apple AirDrop feature. One of them exposes the sender’s details, whereas, the other exposes the receivers’ data.

Specifically, the problems exist because of faulty hashing of contact identifiers during AirDrop connections. Since it’s possible to reverse the hash values, a malicious sender or receiver can easily know the phone number and email address of the other contact.

Explaining the exposure of sender’s details, the researchers stated,

During the AirDrop authentication handshake, the sender always discloses their own (hashed) contact identifiers as part of an initial discover message. A malicious receiver can therefore learn all (hashed) contact identifiers of the sender without requiring any prior knowledge of their target.

For this, a malicious receiver simply has to wait for a sender to scan for available AirDrop receivers. This is particularly dangerous at public hotspots where a sender may end up exposing personal data to complete strangers.

Similarly, a malicious sender may collect the information from a target receiver.

AirDrop receivers present their (hashed) contact identifiers in response to the discover message if they know any of the sender’s contact identifiers (e.g., if the receiver has stored the sender’s email address). A malicious sender can thus learn all contact identifiers (including the receiver’s phone number) without requiring any prior knowledge of the receiver – if the receiver knows the sender.

Although, this type of exposure doesn’t involve strangers. However, a known sender may easily exploit this issue even without knowing the receiver. As the researchers explained,

A popular person within a certain context (e.g., the manager of a company) can exploit this design flaw to learn all (private) contact identifiers of other people who have the popular person in their address book (e.g., employees of the company).

‘PrivateDrop’ Available As Workaround

The researchers found the security issue back in 2019. They reported the matter to Apple right then. However, until April 20, 2021, Apple hasn’t assured of a fix.

It means that the current Apple users with AirDrop on their devices remain vulnerable.

However, to protect the users, the researchers have developed and open-sourced a safer alternate – PrivateDrop. Interested users may find it on GitHub where the researchers have shared details about its setup.

The team has shared more details about the whole issue in a white paper. They will present this research at the upcoming 30th USENIX Security Symposium (USENIX Security’21).

You may also like

Latest Hacking News

Privacy Preference Center

Necessary

The __cfduid cookie is used to identify individual clients behind a shared IP address and apply security settings on a per-client basis.

cookie_notice_accepted and gdpr[allowed_cookies] are used to identify the choices made from the user regarding cookie consent.

For example, if a visitor is in a coffee shop where there may be several infected machines, but the specific visitor's machine is trusted (for example, because they completed a challenge within your Challenge Passage period), the cookie allows Cloudflare to identify that client and not challenge them again. It does not correspond to any user ID in your web application, and does not store any personally identifiable information.

__cfduid, cookie_notice_accepted, gdpr[allowed_cookies]

Advertising

DoubleClick by Google refers to the DoubleClick Digital Marketing platform which is a separate division within Google. This is Google’s most advanced advertising tools set, which includes five interconnected platform components.

DoubleClick Campaign Manager: the ad-serving platform, called an Ad Server, that delivers ads to your customers and measures all online advertising, even across screens and channels.

DoubleClick Bid Manager – the programmatic bidding platform for bidding on high-quality ad inventory from more than 47 ad marketplaces including Google Display Network.

DoubleClick Ad Exchange: the world’s largest ad marketplace for purchasing display, video, mobile, Search and even Facebook inventory.

DoubleClick Search: is more powerful than AdWords and used for purchasing search ads across Google, Yahoo, and Bing.

DoubleClick Creative Solutions: for designing, delivering and measuring rich media (video) ads, interactive and expandable ads.

doubleclick

Analytics

The _ga is asssociated with Google Universal Analytics - which is a significant update to Google's more commonly used analytics service. This cookie is used to distinguish unique users by assigning a randomly generated number as a client identifier. It is included in each page request in a site and used to calculate visitor, session and campaign data for the sites analytics reports. By default it is set to expire after 2 years, although this is customisable by website owners.

The _gat global object is used to create and retrieve tracker objects, from which all other methods are invoked. Therefore the methods in this list should be run only off a tracker object created using the _gat global variable. All other methods should be called using the _gaq global object for asynchronous tracking.

_gid works as a user navigates between web pages, they can use the gtag.js tagging library to record information about the page the user has seen (for example, the page's URL) in Google Analytics. The gtag.js tagging library uses HTTP Cookies to "remember" the user's previous interactions with the web pages.

_ga, _gat, _gid