A new critical bug has recently been detected in Apple AirDrop that could become a severe security hazard for user data.
Critical AirDrop vulnerability:
Security researchers at Technische Universität Darmstadt, Germany have detected an Apple AirDrop security flaw.
They noted that by opening an iOS or macOS sharing panel, the flaw could result in the exposure of sensitive, private data to people close by range.
It has also been observed that the AirDrop flaw can compromise user data even without initiating a file transfer.
Security sources analyzing the AirDrop security flaw have stated that the bug can leak users’ phone numbers and email IDs to anyone who is present in the WiFi range of the user’s Apple device.
Apparently, the security researchers at the Technische Universität Darmstadt had raised this issue with Apple back in 2019, however, the tech giant is yet to resolve the flaw.
Experts are of the opinion that the problem seemingly persists due to the weak hashing of the phone numbers and email IDs.
Weak hashing fails to provide privacy-preserving contact discovery and has values that can be reversed using simple techniques.
Expert security reports also indicated that as an attacker, it is easily viable to find out the phone numbers and email addresses of AirDrop users. All that is required is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.
Apple yet to acknowledge:
It is rather concerning to know that about 1.5 billion Apple users are affected by the AirDrop security flaw.
Apple, however, is yet to acknowledge and resolve the critical security hazard.
Experts have noted that at the moment, the only solution to this issue is to temporarily stop using AirDrop, at least until Apple fixes the flaw.