A Chinese state-backed institution claims to have cracked Apple’s AirDrop feature and used it to identify malicious senders of illegal content.
The vulnerability will let the agency know the names and email addresses of the sender and receiver, who use the AirDrop for sending files. Apple is yet to respond to this claim.
Exploiting AirDrop to Identify Users
Apple’s AirDrop, the file transfer feature that lets Mac and iOS users exchange media and passwords over Wi-Fi and Bluetooth, uses Transport Layer Security(TLS) encryption to make the transfer secure. While we assume the process is safe, at least that’s what Apple claims, the Beijing Municipal Bureau of Justice says otherwise.
The Chinese agency claims to have found a way to bypass Apple AirDrop’s TLS encryption and reveal identifying information about the participants in a data transfer. Exploiting a bug in the encryption system, BMBJ says the iPhone device logs can be analysed to create a “rainbow table“, which allowed them to convert hidden hash values into the original text and correlate the phone numbers and email accounts of AirDrop participants.
BMBJ uses this “technological breakthrough” to help authorities identify several criminal suspects who exploit AirDrop to spread illegal content. Apple is yet to acknowledge this claim.
This isn’t the first time someone has found a security flaw in AirDrop. German researchers in April 2021 found that the mutual authentication mechanism for sharing files is available on each other’s address book, which could be used to expose private information. Researchers claimed that Apple was informed of the flaw in May 2019 but did not get a fix until now.
AirDrop in China was also limited in November 2022 after anti-government activists exploited the feature to spread political leaflets. This led Apple to restrict AirDrop to ‘Contacts Only‘ by default and the option to turn on for “Everyone” was limited to 10 minutes. This restriction was later extended to all users across the world with iOS 16.2 to cut down on spam content spread in crowded areas, says Apple.
Other Trending News:- News
