AirDrop is a feature that enables this Apple device users can send and receive photos, documents, and other files to a nearby iPhone or other compatible Apple device without using a cellular or Wi-Fi connection. Bluetooth and Wi-Fi must be enabled for both parties to use this feature. This is because AirDrop relies on Bluetooth Low Energy (Bluetooth LE) to broadcast and find nearby connections. While AirDrop doesn’t require a Wi-Fi network, files are transferred over point-to-point Wi-Fi.
The AirDrop exploit can steal your phone number and email address
Back in 2018, Some iPhone users have had a phenomenon known as cyber flashing in which sexually explicit photos are randomly sent to an unsuspecting iPhone user from a very close range iPhone user (e.g., a subway train or an airplane) who can refuse to receive an AirDrop. However, an image large enough to offend the random target will be received before the victim has a chance to decline the AirDrop.
An AirDrop vulnerability allows hackers to steal a user’s phone number and email address
As we told you at the time, the best way to prevent this from happening was to change your settings so that your phone can be recognized from Everyone to Contacts Only. Unless there are perverts in your contact list, this step should save you from receiving unwanted sexual images through AirDrop. And no, cyber flashing is not what Apple designed Air Drop for .;
AirDrop is back in the news today after researchers at the Technical University of Darmstadt discovered it was a “serious privacy breach” that could reveal an iPhone user’s phone number and email address to strangers without permission. All a hacker would need is a device that can connect to Wi-Fi and that is in close proximity to an Apple device with an open sharing sheet.
As the German research company wrote on its blog (via AppleInsider): “Because sensitive information is usually only shared with people who users already know, AirDrop only shows recipient devices from address book contacts by default. To determine whether the other party is a contact, AirDrop uses a mutual authentication mechanism that compares that of a user Phone number and email address with entries in the other user’s address book. “While this data is encrypted by Apple, the researchers say the hashing method used by the tech giant can be reversed by” brute force attacks “.
While researchers developed a solution called “PrivateDrop” that replaces the use of hashed data with a more secure encryption technique, users can avoid revealing their phone number and email address by setting AirDrop to “receive off” on their device sheet is closed while the share is maintained. There are over 1.5 billion Apple devices that could be affected by this attack, and researchers notified Apple of the vulnerability in May 2019. So far, Apple has not recognized the problem and has yet to state that it is working on a solution.
A scientific paper on this exploit was written by the researchers and will be presented by them at the USENIX security symposium in August. Perhaps by then, Apple will feel the pressure to shed some light on this problem and work on a solution that will fix the problem. AirDrop is available on select Apple devices including iPhone 5 or later, iPad 4th generation or later, all iPad Air, iPad Pro, iPad Mini models, iPod touch fifth generation and later, all iOS 7 or later run higher.
It’s also available on certain Macs running Mac OS X 10.7 and later (via the Finder sidebar). On Macs with OS X 10.8.1 or later, use the menu option Walk → AirDrop or tap shift + command + R.).