This article was last updated 4 years ago

Apple
Credits: Wikimedia Common

In today’s era, everything is digital. And as technology continues to advance, there has been a substantial increase in the need for user privacy. Nothing remains private once it is on the internet, and when this includes sensitive information related to the users, it becomes a matter of grave concern when such information falls into the wrong hands. Apple is a company that market itself as a safe haven for user privacy data, but according to a new report, there has been a slip up.

In the same week as Apple’s “Spring Loaded” event, a security flaw in Apple’s AirDrop feature has been discovered, which can accidentally expose your email address and phone number to any stranger operating an Apple device nearby, researchers at the Technical University of Darmstadt have said. What makes it all the more perplexing is that this flaw has been around since 2019 and Apple has been aware of it, but has taken no steps to date. This flaw is present in more than 1.5 billion Apple devices.

One of the distinguishing features of Apple- AirDrop allows fast and convenient transfer of files, photos, and others wirelessly to another iPhone, iPad, or Mac user.

On a website, the researchers wrote that it was possible to learn the phone numbers and email addresses of AirDrop users, even by a complete stranger. “An attacker just requires a Wi-Fi-capable device and physical proximity to a target. Apple users are still vulnerable. They can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing pane,” they said.

AirDrop broadcasts an encrypted form of your contact details to any Apple device within Wi-Fi or Bluetooth range when it is ready to transfer any file. But it is Apple’s “relatively weak hashing mechanism” that puts your contact details at risk of exposure.

AirDrop has three modes – Receiving Off, Contacts Only, and Everyone. The “Contacts Only” mode is the default one, meaning that only people saved as contacts can AirDrop photos, files, and more to a user’s device. According to the researchers, the mutual authentication mechanism (which confirms both the receiver and sender are on each other’s address book) could be used to expose sensitive information.

According to the site, “The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.”

If you want to avoid risking your contact details going on the internet (or worse, the dark web, and then have your identity stolen or being involved in fraud), then you can turn off the AirDrop feature on your device by selecting the “Receiving Off” mode for iPhone and iPad, and “Allow me to be discovered by No One” on a Mac.

It is a matter of concern as to why Apple has overlooked such an important issue, and it is hoped that the matter will be resolved soon.