Privacy Flaw Discovered In Apple’s AirDrop Function
A team of German security researchers have highlighted a security flaw that allows the phone number and email addresses of AirDrop users to be obtained by hackers, even if you don’t actually send a file.
Researchers from the Technical University of Darmstadt claim they informed Apple of the privacy breach two years ago, but Apple have neither acknowledged the issue, nor moved to fix it.
“As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger,” they explain.
“All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.”
Although Apple are making a huge stand against Facebook’s nefarious data collection methods this week, it seems they are less concerned about such a breach on their own services.
“We informed Apple about the privacy issues in May 2019 via responsible disclosure and shared our PrivateDrop solution in October 2020,” the researchers continue. “As of April 20, 2021, Apple has not indicated that they are working on a solution.
“This means Apple users are still vulnerable to the outlined privacy attacks. They can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing pane.”