Apple's AirDrop Comes with a Security Flaw: Data Breach Risk for 1.5 Billion Users
According to a report quoting researchers from Germany’s Technische Universität Darmstadt, any person, even a stranger, can access Apple users’ email addresses and mobile numbers. All that is needed is the sharing pane on the device once the sharing process is initiated. Another reason is Apple’s rather weak hashing system, used despite the encryption of data, which can allow hackers to access people’s personal details.
Although this is quite concerning, users are only affected in specific circumstances. For one thing, anyone who has set their receive settings to Everyone is at risk.
Apple uses hash functions for "obfuscating" the phone numbers and email addresses exchanged during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery, as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.
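Why a hash of a phone number gives so little protection, as an added example that is not from the original article or from the researchers' code. It assumes a plain unsalted SHA-256 over the number string (the article does not state the exact hash construction) and uses a constructed number in the fictional 555 range; the function names are hypothetical.

```python
import hashlib
import math


def h(identifier: str) -> str:
    """Unsalted SHA-256 of a contact identifier (assumed construction)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def search_space_bits(unknown_digits: int) -> float:
    """Entropy of the input in bits: each unknown decimal digit adds log2(10)."""
    return unknown_digits * math.log2(10)


def recover_number(target_hash: str, prefix: str, unknown_digits: int):
    """Enumerate every number with a known prefix; return the match or None.

    The hash output is 256 bits, but the work needed is bounded by the
    number of possible inputs, which for phone numbers is tiny.
    """
    for n in range(10 ** unknown_digits):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if h(candidate) == target_hash:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample value, not a real subscriber number.
    observed = h("+15555550123")

    # Five unknown digits: 100,000 candidates, about 16.6 bits of entropy.
    print(recover_number(observed, "+155555", 5))
    print(f"{search_space_bits(5):.1f} bits for 5 unknown digits")

    # Even a full 10-digit national number is only about 33 bits,
    # far below what is needed to resist exhaustive enumeration.
    print(f"{search_space_bits(10):.1f} bits for 10 unknown digits")
```

The takeaway for protocol design is that hashing only hides an identifier when the identifier itself is unpredictable, which phone numbers and most email addresses are not.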
Carrying this out requires a stable Wi-Fi connection and proximity between the two Apple devices. Apple has been notified by the researchers about the security flaw, and a possible solution called PrivateDrop has been found. It is based on optimized cryptographic private set intersection protocols and allows for the secure transfer of files between users without any flaws.
How this can happen
- AirDrop uses a “mutual authentication” process to compare the phone numbers and email addresses of a possible receiver with the details stored in a user’s contact list.
- The researchers found that the problem lies in the use of hash functions on the phone numbers and email addresses exchanged during the discovery process.
- The researchers claim that a stranger within range of an iOS or macOS device with the share panel open can use this mechanism to obtain private information.