Researchers have discovered vulnerabilities in Apple’s Airdrop authentication mechanism that could reveal a user’s phone number and email address.
Apple’s AirDrop was a perfect example of what seamless file transfer between devices should be. But as convenient as it may seem, it can also be dangerous.
A team of researchers from the Laboratory for Secure Mobile Networks (SEEMOO) and the Engineering Group for Cryptography and Privacy (ENCRYPTO) at the Technical University of Darmstadt has scrutinized AirDrop’s authentication mechanism and discovered a major flaw.
In the news: Apple announces a $29 AirTag to help find lost items with Find My Network.
By default, AirDrop shows the receiving devices from your phone’s contacts. This means that to ensure that the recipient is a contact, AirDrop uses a mutual authentication mechanism that compares the phone number and email address in the sender’s contact list with the recipient’s address.
The problem here is that Apple uses features to trick authentication data – phone numbers and email addresses. Hashing is no longer a secure method of encrypting data, as it is relatively easy to reverse or decrypt hash values using brute force attacks or other simple techniques.
The AirDropauthentication process can be hijacked by a nearby intruder. | The new iMac was announced earlier this week.
If you were an attacker in this scenario, you could easily access these phone numbers and email addresses in a hashed form that you could later decipher. All you need is a device with Wi-Fi and proximity to the Apple device that activated the swap.
In the news: Signal’s CEO reports security vulnerabilities found in Cellebrite spyware.
To solve this problem, the research team developed a secure version of AirDrop called PriavteDrop. This new version is based on cryptographic protocols that are optimized for intersecting private sequences and do not use hash values to exchange authentication data.
The new protocol avoids the use of hash functions and guarantees the security of the data. | The new iPad Pro was also announced at Apple’s spring event earlier this week.
This new implementation is also fast, which means that the ease and speed of transferring files via AirDrop is not significantly affected, as the authentication time is well under a second.
Apple was notified of this vulnerability back in May 2019. However, to date they have not identified and corrected the problem. This poses a risk to Apple’s 1.5 billion device users.
The only way to protect yourself in this scenario is to disable AirDrop detection and not use the sharing menu, which effectively disables the feature on your phone.
A detailed description of the study results will be presented at the USENIX Safety Symposium in August.
Apple expands its advertising activities to circumvent new privacy rules
On the other hand, we’d love to talk about Apple’s war on advertising and user tracking, but it seems to be more about the company’s business interests than the well-being of its customers.
Apple’s new privacy rules prohibit apps from tracking iPhone users without their explicit permission. Since most users are likely to deny that they are being tracked, this poses a serious threat to the mobile advertising industry.
The company offers search ads for better results and now plans to sell a second location for suggested apps. The move will take place once the new data protection regulations are implemented.
In the news: The ad campaign, which ran on 120 ad servers, reached millions of devices.
The one who writes/cuts/films/owns all the technology, and when he’s not around, switches to virtual machine races. You can contact Yadullah at [email protected], or follow him on Instagram or Twitter.
airdrop hack 2020can you get hacked through airdropiphone hacked remotelyapple hacked 2020iphone hacked, how to fixiphone hack update,People also search for,airdrop hack 2020,can you get hacked through airdrop,iphone hacked remotely,apple hacked 2020,iphone hacked, how to fix,iphone hack update,iphone hacked 2021,iphone hack 2021