AirDrop security flaw could show phone number and email address to strangers
German researchers at TU Darmstadt have discovered a security flaw in AirDrop, Apple's close-range sharing feature, that could be exploited to let strangers see the phone numbers and email addresses of anyone within Wi-Fi range who opens the Share Sheet on iOS or macOS.
According to the researchers, Apple was made aware of the security issue in May of 2019 and has yet to fix the vulnerability, leaving more than 1.5 billion Apple devices open to having private information shared without their owners' knowledge.
The researchers claim that the flaw makes it possible for an attacker to see the phone numbers and email addresses of AirDrop users, even as a complete stranger. “All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.”
Since reporting the issue to Apple, the researchers say they have built their own fix called “PrivateDrop” to replace the flawed original AirDrop design. “PrivateDrop is based on optimized cryptographic private set intersection protocols that securely perform the contact discovery process between two users without exchanging vulnerable hash values.”
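As an added illustration (not code from the researchers or from PrivateDrop), the sketch below shows the general idea of private set intersection for contact discovery using a textbook Diffie-Hellman-style construction: each side only sends identifiers blinded with a fresh secret exponent, so no reusable hash of a phone number or email address is exchanged. The group parameters, the class and function names, and the sample identifiers are assumptions chosen for the demo.

```python
import hashlib
import secrets

# 1024-bit safe prime P = 2Q + 1 (Oakley Group 2, RFC 2409). Demo-sized only.
P = int(
    "FFFFFFFFFFFFFFFFC90FDAA22168C234C4C6628B80DC1CD1"
    "29024E088A67CC74020BBEA63B139B22514A08798E3404DD"
    "EF9519B3CD3A431B302B0A6DF25F14374FE1356D6D51C245"
    "E485B576625E7EC6F44C42E9A637ED6B0BFF5CB6F406B7ED"
    "EE386BFB5A899FA5AE9F24117C4B1FE649286651ECE65381"
    "FFFFFFFFFFFFFFFF", 16)
Q = (P - 1) // 2  # prime order of the subgroup of squares mod P


def hash_to_group(identifier: str) -> int:
    """Hash an identifier to an element of the order-Q subgroup (square mod P)."""
    wide = hashlib.shake_256(identifier.encode()).digest(136)
    return pow(int.from_bytes(wide, "big") % P, 2, P)


class Party:
    def __init__(self, identifiers):
        self.identifiers = list(identifiers)
        self.key = secrets.randbelow(Q - 1) + 1  # fresh secret exponent per run

    def blind_own(self):
        """Own identifiers, each raised to the secret key."""
        return [pow(hash_to_group(i), self.key, P) for i in self.identifiers]

    def blind_peer(self, blinded):
        """Raise the peer's already-blinded values to our key as well."""
        return [pow(v, self.key, P) for v in blinded]


def private_intersection(sender: Party, receiver: Party):
    """Sender learns which of its identifiers the receiver also holds."""
    s_once = sender.blind_own()                # sender -> receiver
    s_twice = receiver.blind_peer(s_once)      # receiver -> sender, same order
    r_once = receiver.blind_own()              # receiver -> sender ...
    secrets.SystemRandom().shuffle(r_once)     # ... in random order
    r_twice = set(sender.blind_peer(r_once))   # computed locally by sender
    return [i for i, v in zip(sender.identifiers, s_twice) if v in r_twice]


# Constructed sample data (fictional numbers and addresses).
SENDER_IDS = ["+12025550100", "alice@example.com"]
RECEIVER_CONTACTS = ["bob@example.com", "+12025550100", "+12025550123"]

if __name__ == "__main__":
    print(private_intersection(Party(SENDER_IDS), Party(RECEIVER_CONTACTS)))
```

This sketch assumes both sides follow the protocol honestly, and it still reveals how many identifiers each side holds.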
You can see the full report from Germany’s Technische Universität Darmstadt here.