Apple has yet to fix a scary security flaw that hackers can use in AirDrop

April 23rd, 2021 at 6:06 PM

Apple has made user privacy a priority for years, pushing even further with its latest iOS update by forcing all app developers to ask iPhone owners if they want to be tracked. These are positive steps toward putting users in control of their data, but according to a new report from security researchers at Germany’s Technical University of Darmstadt, Apple has failed to address a flaw that the university says it made the company aware of in 2019.

The security flaw that the researchers discovered is within AirDrop, which is a feature that allows iPhone, iPad, and Mac users to quickly and easily share photos and documents wirelessly. As the researchers note, you can make it so AirDrop only displays devices owned by people who are already in your contacts. In order to determine if someone is in your contacts, “AirDrop uses a mutual authentication mechanism that compares a user’s phone number and email address with entries in the other user’s address book.” This is where the security flaw comes into play.


Here is what the researchers found when they looked at this mechanism:

As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.

The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.
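The point about hashing can be checked with a short added example (not code from the researchers or from Apple). It shows that a hash of a phone number carries only as much secrecy as the number of unknown digits. SHA-256, the function names, and the sample number are assumptions made for illustration; the article does not name the hash function AirDrop uses.

```python
"""Added illustration: why hashing a phone number does not hide it."""
import hashlib
import math


def digest(identifier: str) -> str:
    # SHA-256 is an assumption for this example; the article names no hash.
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def keyspace_bits(unknown_digits: int) -> float:
    """Entropy, in bits, of a number with this many unknown decimal digits."""
    return unknown_digits * math.log2(10)


def seconds_to_exhaust(unknown_digits: int, hashes_per_second: float) -> float:
    """Worst-case time to hash every candidate at the given rate."""
    return 10 ** unknown_digits / hashes_per_second


def recover(target_hash: str, known_prefix: str, unknown_digits: int):
    """Hash every candidate in the space; return the one that matches, if any."""
    for n in range(10 ** unknown_digits):
        candidate = f"{known_prefix}{n:0{unknown_digits}d}"
        if digest(candidate) == target_hash:
            return candidate
    return None


# Constructed sample: a fictional number from the reserved 555-01xx range.
SAMPLE_NUMBER = "+12025550142"
SAMPLE_HASH = digest(SAMPLE_NUMBER)

if __name__ == "__main__":
    # A full 10-digit national number is only about 33 bits of secrecy,
    # far below what a cryptographic key would need.
    print(f"10 unknown digits = {keyspace_bits(10):.1f} bits")
    print(f"at 1e6 hashes/s: {seconds_to_exhaust(10, 1e6):.0f} s to try them all")
    # With the prefix known, the remaining 4 digits fall out immediately.
    print("recovered:", recover(SAMPLE_HASH, "+1202555", 4))
```

The takeaway for anyone designing contact discovery is that an unsalted hash of a low-entropy identifier should be treated as equivalent to the identifier itself.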

The research team that found this vulnerability actually developed an alternative solution called “PrivateDrop” which they believe could replace the system Apple currently uses. As the team explains, “PrivateDrop is based on optimized cryptographic private set intersection protocols that can securely perform the contact discovery process between two users without exchanging vulnerable hash values.” With the new system, AirDrop would be more secure, and Apple wouldn’t be sacrificing any of the speed that makes AirDrop such a useful feature.

Unfortunately, it’s unclear when or if anything will ever be done about this issue. The German researchers say that they first informed Apple about the flaw in May 2019, but the company has yet to acknowledge the issue or announce that it is working on a fix. Therefore, 1.5 billion Apple devices continue to be vulnerable to attacks that exploit this flaw, and the only way to fully protect yourself is to disable AirDrop discovery altogether.

If you want to turn AirDrop off, just head to Settings > General > AirDrop, and tap Receiving Off.


Jacob started covering video games and technology in college as a hobby, but it quickly became clear to him that this was what he wanted to do for a living. He currently resides in New York writing for BGR. His previously published work can be found on TechHive, VentureBeat and Game Rant.



