Recent security research reported vulnerabilities in Apple’s file-sharing protocol that may lead to private user information such as email addresses and phone numbers falling into the hands of cybercriminals.
According to a researchers team from the Technical University of Darmstadt (Germany), even attackers who are in no way connected to the targeted victim could acquire the phone number and email address connected to the victim’s AirDrop profile. All that is needed is for the attacker to be within the proximity of the user’s device when the user opens the sharing pane of the device in order to initiate the discovery process.
AirDrop is a feature available in iOS and macOS devices that uses close-range wireless connections in order to allow users to freely transfer files between their devices.
To ensure security, the AirDrop feature only displays receiver devices from the contact list of the user by comparing the user’s phone number and email address to the entries in the contacts list on the other device. This form of authentication ensures that only trusted devices can be linked through AirDrop. However, the recently discovered bug could potentially allow any Wi-Fi capable device to allow a cybercriminal to gain knowledge of the user’s email and phone number by simply being in close proximity to the targeted device.
The researchers explain that once an AirDrop connection is initiated, the sender device transmits a hash message that represents the digital fingerprint of the device and that contains the email address or the phone number of the sender device. This way the sender device authenticates itself. This allows the receiver to recognize the sender and in turn send back its own hash.
The researchers state that the core of the vulnerability is the way Apple uses hash functions in order to mask the exchanged contact data (emails and phone numbers). During this exchange, a malicious receiver could collect the hashed identifier data and learn the user’s phone number and email without having any prior information about the victim.
One hypothetical way this vuln can be exploited is if the attacker attempts to collect the contact information of the employees of a certain organization by intercepting the AirDrop connection between their devices and the device of their manager. The researchers notified Apple about the AirDrop vulnerability all the way back in May 2019 when the flaw was first discovered and then once more in October 2020 when they came up with a potential solution labeled PrivateDrop that was supposed to fix the problem.
The PrivateDrop solution uses a private cryptographic set of intersection protocols that allow the contact discovery process to be securely performed without the danger of getting intercepted by attackers.
However, Apple is yet to take action to fix the AirDrop flaw which means that, as of right now, over 1.5 billion iOS and macOS devices are susceptible to attacks that exploit the AirDrop vulnerability. At the moment, the only viable way for users to protect themselves from such potential attacks is to disable the automatic AirDrop discovery from the settings of the feature and to not open the sharing menu.
This discovery is the latest of a research series conducted by the TU research team that has been focusing on the wireless ecosystem of Apple, seeking to find potential weaknesses and privacy issues that need to be resolved.
Back in May 2019, the TU researchers discovered weaknesses in the Wireless Direct Link of Apple – networking protocol that could allow hackers to monitor the devices of their victims, to crash them, or even to intercept the data transfer between the targeted devices by performing a man-in-the-middle attack.
Last month, the researchers also discovered two flaws in the Find My application that hackers could use to obtain information about the device’s location history for the past week.