Hackers only need two elements to tap into your personal data via AirDrop: Wi-Fi connectivity and proximity to your device.
Nasty MacBook with M1 malware could steal your cryptocurrencyApple’s M1 laptops face their first malware threat — here’s what we knowBest VPN services of 2021
How AirDrop exposes your personal data
Apple’s AirDrop is quick and convenient way to share files with other nearby Apple users. As long as you’re on a iOS, iPadOS or MacOS, you can wirelessly send photos, videos, music, documents and more. According to TU Darmstadt investigators, by default, AirDrop only shows receiver devices from address book contacts by using a “mutual authentication mechanism” that cross references users’ phone number and email address entries. Investigators, however, discovered a flaw in Apple’s hash functions, which is supposed to conceal and obscure personal data exchanged during the AirDrop discovery process. “Hashing fails to provide privacy-preserving discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks,” the TU Darmstadt report said.
Researchers suggest alternative to AirDrop: PrivateDrop
TU Darmstadt researchers concluded that AirDrop has a “severe privacy leak,” but this doesn’t mean Apple should eradicate AirDrop completely. Instead, the investigators propose an alternative called “PrivateDrop,” which is runs on “optimized, cryptographic private set intersection protocols” that plugs all the security vulnerabilities that currently plagues AirDrop. PrivateDrop ensures that personal data isn’t exchanged with vulnerable hash values. There is a slight delay with PrivateDrop for authentication and tightened security, but the lag is less than a second. TU Darmstadt researchers informed Apple about AirDrop’s privacy vulnerability in May 2019, but they received radio silence from the Cupertino-based tech giant. “Apple has neither acknowledged the problem nor indicated that they are working on a solution,” the report said.
How to turn off AirDrop discovery
The AirDrop privacy leak affects 1.5 billion Apple devices. For now, the best way to keep malicious actors at bay is to disable AirDrop discovery. Here’s how to do it: This will ensure that your device is undiscoverable to hackers seeking to exploit AirDrop’s vulnerabilities.