One of the advantages of buying into Apple’s ecosystem is that you get to use brand-exclusive features such as AirDrop, a quick and easy way for users to transfer files to and from Apple devices, like an iPhone to an iPad, an iPad to a Mac, and so on. However, it might not necessarily be the most private of features.
This is because according to researchers, Apple’s AirDrop feature can actually be exploited where user information can be leaked and stolen. To Apple’s credit, AirDrop does have certain security measures in place to help hide user information. This is done through a partial cryptographic hash which is used to “advertise” the presence of the device and to seek out other devices nearby that also have AirDrop on.
The hashes also contain information such as the person’s number and email address, and while the hashes cannot be converted back into cleartext, the researchers found that by using a brute-force attack, this information can eventually be guessed.
Unfortunately, it has been about 2 years since Apple was notified of the issue and they have yet to do anything about it. The researchers presented Apple with a reworked version of AirDrop that would be more secure, but the company has made no indication that they will adopt it. While we’re not sure how high the chances are of your information being stolen during an AirDrop transfer, the only way to avoid this is to turn the feature off, or at the very least make sure that you’re making the transfer in a place you’re familiar with, like your home, and with people you’re familiar with.
Filed in . Read more about iOS, macOS and Privacy. Source: arstechnica