A new research has found a vulnerability in Apple Airdrop system that could leak your personal information like contact details and email-addresses and many more.
The leaking of users’ contact information has resulted from a research report that found vulnerabilities in Apple’s wireless file sharing protocol.
According to a team of academics from the Technical University of Darmstadt, Germany, it is possible to find out the phone numbers or email addresses of AirDrop users – even as a stranger.
‘We have found that the only thing they require is a Wi-Fi-capable device that’s near a target once they open the sharing pane on an iOS or macOS device.‘
Using AirDrop, users can use close-range wireless communication to transfer files between devices on Apple iOS and macOS operating systems, enabling users to transfer files between devices.
A Wi-Fi-capable device and even just being close to the target will defeat these protections, which reveals only receiver devices that are already in users’ contacts lists.
Researchers explained that AirDrop connections are attempted by the sender when the receiver transmits the receiver’s hash as part of a two-factor authentication handshake.
If the sender is recognized, the receiver transmits back its hash.
Researchers assert that the underlying cause of the problem is due to the hash functions that Apple AirDrop used to protect the exchanged contact identifiers and their physical address and phone numbers.
The malicious receiver can not only obtain the caller’s hashed contact identifiers and unscramble them using techniques such as brute-force attacks, but also obtain the phone number of the recipient, all without substantial knowledge of the sender.