IPhone users beware: Security researchers are currently warning of a serious vulnerability in Apple’s popular AirDrop feature. Attackers can exploit a protocol bug here to access user data.
Apple users can easily share files like images or videos with each other wirelessly using the AirDrop feature. A new study TU Darmstadt is now proving, however, that even uninvited guests can access user data through a weak point in the software.
To make sure files are only shared with contacts, AirDrop checks before transfer iPhones or iPads, the cell phone number and email address of the other person and compares them with the data stored in the contact book.
However, as the researchers demonstrated, attackers can use this mechanism to access user data, even if it is not stored as a user contact. All the attackers need is a WiFi-enabled device that is close to the victim.
Apple: security breach in iPhones and company known for two years
If the sharing menu is opened on iPhones or iPads, the respective contact details are hashed; this ensures authentication on other devices with AirDrop. However, as the researchers write, this is not sufficient protection for user data. Attackers could count the encrypted data in milliseconds and therefore exploit it.
According to security researchers, this security breach has been known at Apple for about two years, but has yet to be closed and is still active in the latest versions of iOS and macOS. According to the researchers, authentication is basically possible without the insecure hash value, so they have developed their own more secure authentication protocol.
From now on, users only have the option to completely block AirDrop via the “Restrictions” item in the “Screen Time” menu. Reception via AirDrop can basically also be disabled with iOS and Co., but when opening the share menu, the contact details are still sent in this case.
Introvert. Beer guru. Communicator. Travel fanatic. Web advocate. Certified alcohol geek. Tv buff. Subtly charming internet aficionado.