AirDrop is one of the most convenient features that Apple users have to share files between the company’s devices by connecting to the internet or a computer. But security researchers have discovered that the wireless data transfer feature has a fatal flaw that puts over 1.5 billion users in danger.
According to security researchers at Technische Universität Darmstadt in Germany, Apple AirDrop has a major vulnerability that exposes the user’s phone number and email address, which can be grabbed by any nearby bad actor. The problem is said to be rooted in AirDrop’s “Contacts Only” option, which uses a “mutual authentication mechanism” to cross-reference a user’s phone number and email with another’s contact list. Since most users leave AirDrop turned on for either “Everyone” or “Contacts Only,” their devices are left open to a possible hack.
Apple AirDrop Vulnerability Exposes Your Phone Number and Email
According to the researchers, the Apple AirDrop vulnerability can be exploited by strangers to discover the phone number and email address of any nearby AirDrop user. All an attacker needs is a device with Wi-Fi and to be physically close to an AirDrop user. They can then simply open the sharing pane on an iOS or macOS device. If you have the feature enabled, you do not need to initiate or engage with any sharing to be at risk. This means that when AirDrop is turned on with the “Everyone” option selected, your device is vulnerable to the hack.
Researchers say that when an AirDrop user has the “Contacts Only” option turned on, the feature uses a mutual authentication mechanism to find out whether an AirDrop user is in their contacts. AirDrop sends the phone number and email address for cross-reference, which the hacker can grab very easily, the researchers say. Of course, Apple uses encryption for this exchange, but the problem is found in the hash that the company uses. As per the researchers, the hash Apple uses can easily be cracked using “simple techniques such as brute-force attacks.”
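Why a hash does not hide a phone number, shown as an added example that is not code from the researchers or from Apple: a phone number has so few possible values that every candidate can be hashed and compared. The use of unsalted SHA-256, the function names and the fictional 555 number are assumptions made for illustration.

```python
import hashlib
import math


def hash_identifier(value: str) -> str:
    """Unsalted SHA-256 of a contact identifier (hash choice is an assumption)."""
    return hashlib.sha256(value.encode("utf-8")).hexdigest()


def keyspace_bits(unknown_digits: int) -> float:
    """Bits of entropy in a number with `unknown_digits` unknown decimal digits."""
    return unknown_digits * math.log2(10)


def recover_number(target_hash: str, prefix: str, unknown_digits: int):
    """Hash every number under `prefix`; return the one that matches, else None."""
    for n in range(10 ** unknown_digits):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if hash_identifier(candidate) == target_hash:
            return candidate
    return None


# Constructed sample data: a fictional 555-01xx number, not a real subscriber.
PREFIX = "+1202555"
SAMPLE_NUMBER = "+12025550143"

if __name__ == "__main__":
    observed = hash_identifier(SAMPLE_NUMBER)
    print("hash seen on the air :", observed[:16], "...")
    print("recovered identifier :", recover_number(observed, PREFIX, 4))
    # A full 10-digit national number is only about 33 bits of entropy,
    # far below what a hash needs in order to keep its input confidential.
    print("entropy of 10 digits : %.1f bits" % keyspace_bits(10))
```

The hash itself is not broken here; the input is simply too predictable, which is why hashing a phone number or email address does not make it private.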
How to Protect Your Data from the AirDrop Flaw
The simplest and the only way to secure and protect your data from this hack is by turning off AirDrop when the feature is not in use. Since the hack is possible when you have selected the “Everyone” or “Contacts Only” option, you can also protect your data by setting AirDrop to “Receiving Off” in the settings. It is even more important to turn off AirDrop when you have strangers close by.