Apple Gives No Response to Researchers Raising Flags Over AirDrop Vulnerability

Apple reportedly has a few particularly enviable features that some other platforms like Android are currently still trying to implement. The simplicity and convenience that Apple offers isn't the only thing buyers look for but also its presumed security. Despite a certain vulnerability found in AirDrop, Apple gives no response to the situation.

Apple AirDrop Vulnerability

While AirDrop was reportedly referred to as really secure and safe for users to use, it seems like there is actually a huge hole, which hackers can enter. According to SlashGear, unfortunately, it still does not seem like AirDrop is really as secure as people think it is.

The SlashGear article notes that any hacker within range can easily steal information like phone numbers and email addresses when people would open the share sheet in iOS or macOS. Although currently a little more common, AirDrop uses something that was once just a novel technique. This would be to employ both the ad-hoc Wi-Fi and Bluetooth in order to scan for the devices and establish a certain connection between both of them.

MacOS or iOS Share Sheet Vulnerability

Users still have the option to share only with their own contacts or with people with either a Mac or iPhone or they can choose not to share to anyone at all. Unfortunately, according to arsTechnica, the particular flaw that was found by security researchers still does not require actually using the AirDrop in order to trigger the leak of the user's personal information.

All that the users would need to do is simply to start the sharing process which would then bring up the macOS or the iOS share sheet. Behind the scenes, the AirDrop would then actually start scanning for other devices by broadcasting a certain encrypted packet of data which would contain the sender's phone and their email address.

Read Also: Apple Hacked By Teenager Who Placed 90 GB Of Secure Files In A Folder Named 'Hacky Hack Hack'

Apple Gives No Response

The intention is to thoroughly check which devices around the vicinity have the sender's contact already saved in order to qualify as a possible recipient. Unfortunately, that particular encryption apparently isn't quite as strong and it is still almost "too trivial" for professional hackers to perform a certain brute-force attack in order to decrypt numbers and email addresses.

Another huge problem is that hackers now only have to sit around and wait for certain users with a Mac, an iPhone, or just a simple iPad to share anything for them to intercept the data. These particular phone numbers and email addresses can then be used later on for some other attacks just like phishing scams.

The research had reportedly disclosed this particular vulnerability to Apple back in 2019 and had even provided a particular open source reference implementation of what could have been a more secure alternative. Apple reportedly hasn't replied to date and could see the situation as not that trivial to fix such an integral part of its overall iOS and macOS experience.

Related Article: Someone Finally Hacks Face ID, But Should You Be Worried?

This article is owned by Tech Times

Written by Urian B.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics