Apple Airdrop vulnerability to leak personal details of users

    Cybersecurity- Insiders

    Apple Airdrop users you better know that the service is having a vulnerability that could leak personal identifiable information of users to hackers. And what’s interesting is that the flaw was detected in 2019, but wasn’t fixed in any way by the iPhone maker till date.

    To those uninitiated, Airdrop is a wireless technology offered by Apple Inc that enables users to share or transfer files via Bluetooth or Wi-Fi.

    Researchers from Germany-based Technical University of Darmstadt discovered that hackers are using a susceptibility in the service to access information such as phone numbers and email addresses of a user/s.

    Security analysts claim that the trouble exists with the utilization of hash functions that help in exchanging email addresses and phone numbers while two devices try to discover themselves for sync on a respective note.

    However, the good news is that users who set their device settings to be accessed by ‘Everyone’ are only at risk and not all. So, just set the settings of Airdrop discovery to “no one” in the settings menu that helps block the hackers from accessing details from the sharing pane.

    Recently, a white paper was released by the researchers group of five members that consisted experts from the University’s Secure Mobile Networking(SEEMOO) Lab and the Cryptography and Privacy Engineering Group (ENCRYPTO).

    Note- Airdrop service has been pre-loaded onto over 1.5 billion devices that includes MacOS and iOS devices. In Aug’19, Airdrop vulnerability was discovered by an independent researcher who later confirmed that the flaw was allowing hackers to access vital information such as battery status, Wi-Fi status, buffer availability, OS Version on which the device was operating and phone status.

    Ad
    Join over 500,000 cybersecurity professionals in our LinkedIn group "Information Security Community"!
    Naveen Goud
    Naveen Goud is a writer at Cybersecurity Insiders covering topics such as Mergers & Acquisitions, Startups, Cyber Attacks, Cloud Security and Mobile Security

    No posts to display