When it comes to tech, little else is more frightening than a security breach. If a security breach happens, you risk losing precious information to the hands of unsavory characters who may use your data for who-knows-what. So, what happens when your device itself has the security flaw? Late in April, many Apple users were not too thrilled to find out that Apple’s AirDrop feature has a security flaw—and it’s hidden in plain sight.
AirDrop is an extremely convenient way for Apple users to share photos, videos, and files with one another. However, a few security researchers from the Technische Universitat Darmstadt in Germany have found an AirDrop security flaw. According to the team, users may be sending more than just their intended file, which is certainly something that nobody wants.
As per the security researchers, strangers can discover the email address and phone number of any AirDrop user who is nearby. Acquiring data is easy because all that someone would need is an Apple device, Wi-Fi connection, and physical proximity to their target. Then, they can just open up their AirDrop panel and get your information. According to the team, you don’t even need to be using the AirDrop at the moment. As long as the feature is enabled on your device, you will already be at risk of a data breach.
Apparently, this data breach is possible because of the “Contact Only” option on AirDrop. Apple reportedly uses what is known as a “mutual authentication mechanism” to verify whether or not an individual is really part of your contacts. It uses this mechanism to cross-reference the individual’s email address and number to another user’s contacts. Of course, Apple does have some security to protect this sort of information from getting out, but it’s incredibly easy to crack. According to the security researchers, a brute-force attack would do the trick.
The AirDrop security flaw isn’t indicative of Apple’s poor device development. As a matter of fact, many tech companies, big and small, experience bugs and security breaches of all sorts, and they find a way to fix it before revealing the breach to the public. However, it may allude to Apple’s lack of transparency or urgency to alleviate the situation.
The security researchers from the Technische Universitat Darmstadt say that they reported the AirDrop security flaw to Apple two years ago, in May 2019, yet the company hasn’t acknowledged the existence of the flaw or said that they were working on a way to solve it. The researchers estimate that 1.5 billion Apple devices may still be vulnerable to the AirDrop security flaw.
So far, Apple has not commented on the entire debacle, despite numerous attempts by the media to reach out to them. To provide the public with some peace of mind, the security researchers developed “PrivateDrop.” This nifty feature allows for a seamless and secure transfer of files between Apple devices without leaving people’s data vulnerable to bad actors. Currently, PrivateDrop can be accessed on GitHub.
If you like reading our content, why not show your appreciation by treating us to a cup of coffee? (or two, if you’re feeling generous)