1.5 billion Apple devices are still vulnerable due to AirDrop

AirDrop lets you transfer files quickly and easily between Apple devices such as iPhone, iPad and Mac (among others). To do this, it uses Bluetooth LE, which allows devices to transmit, discover and negotiate connections, and a peer-to-peer Wi-Fi connection to transfer the data. This makes file transfers fast and secure, as well as energy efficient. However, it is not 100% safe, as demonstrated by a vulnerability found in this system.

Although AirDrop uses various protocols and encryption mechanisms to guarantee the security of communications between devices, a team of researchers has discovered a security flaw that can endanger users' personal data. It was discovered by experts from the Secure Mobile Networks Laboratory (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) of the Technical University of Darmstadt (Germany).

They claim that Apple was informed of this vulnerability in May 2019. Almost two years later, the Cupertino company has neither acknowledged the problem nor proposed a solution. This means that more than 1.5 billion users are vulnerable to a possible privacy attack.

This means that users of more than 1.5 billion Apple devices remain vulnerable to the privacy attacks described. The users can only be protected by disabling AirDrop discovery in the system settings and refraining from opening the sharing menu.

The problem lies in the way AirDrop checks whether a user is a contact. AirDrop compares the phone number and email address of a potential AirDrop recipient with the entries stored in the address book. Although this data is encrypted, Apple uses a somewhat weak hashing mechanism. This makes it possible for bad actors to reveal personal information.
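Why a hash gives little protection to a phone number can be shown with a short added example, which is not from the original article or from the researchers. It assumes an unsalted SHA-256 as the hash, uses a constructed number in the fictional 555-01xx range, and all function names are hypothetical.

```python
import hashlib
import math
import secrets


def contact_hash(identifier: str) -> str:
    """Unsalted SHA-256 of a contact identifier (assumed scheme, for illustration)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def entropy_bits(unknown_digits: int) -> float:
    """Bits of uncertainty in a value made of `unknown_digits` decimal digits."""
    return unknown_digits * math.log2(10)


def recover_by_enumeration(target_hash: str, prefix: str, unknown_digits: int):
    """Hash every candidate number under `prefix`; return the match or None.

    The hash output is 256 bits wide, but the input space is only
    10**unknown_digits values, so the input space sets the real strength.
    """
    for n in range(10 ** unknown_digits):
        candidate = f"{prefix}{n:0{unknown_digits}d}"
        if contact_hash(candidate) == target_hash:
            return candidate
    return None


if __name__ == "__main__":
    # Constructed sample: a fictional number, with only 4 digits treated as unknown.
    sample = "+12025550143"
    published = contact_hash(sample)
    print("recovered:", recover_by_enumeration(published, "+1202555", 4))

    # A full 10-digit national number still carries only ~33 bits of entropy.
    print("10 unknown digits: %.1f bits" % entropy_bits(10))

    # Contrast: a random 128-bit value is not in any enumerable number space.
    token_hash = contact_hash(secrets.token_hex(16))
    print("random token recovered:", recover_by_enumeration(token_hash, "+1202555", 4))
```

The takeaway for anyone designing a contact-matching feature is that hashing only hides inputs that are themselves hard to guess; phone numbers are not.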

