Nowadays, everything is in a cloud. In the last couple of years, tech companies have been in a relentless pursuit of new wireless technologies that would improve the information transfer process. Unfortunately, anytime data is shared via an open network, there's always the risk that you could get hacked or become the target of a security breach that compromises your privacy.
Recently, security research teams from the Secure Mobile Networking Lab (SEEMO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) investigated Apple's Airdrop feature, which allows iOS and macOS users to seamlessly share files via Wi-Fi and Bluetooth. According to their latest report, a flaw was discovered that can expose user information, including emails and phone numbers. When the flaw is exploited, strangers can easily obtain your personal details without you even knowing.
Apple was alerted of this flaw back in 2019, but the company didn't make any changes in response. According to findings by TU Darmstadt researchers, hackers can decode phone numbers using the partial hashes that AirDrop emits. Their tests demonstrated that the hashing "fails to provide privacy-preserving contact discovery" since hash values can be quickly reversed using simple techniques. With this in mind, many iPhone or Mac users who frequently use AirDrop could be putting themselves in danger every time they send or receive files.
"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users, even as a complete stranger," says a press release from Tuesday. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device."
AirDrop also allows other iPhone or Mac users to bombard your device with inappropriate images. Such is a form of harassment that has been coined "cyber-flashing." There have been many cases where iPhone users received unwanted photos from strangers that were graphic and offensive in nature, simply because they had left their AirDrop turned on.
At this point in time, it's unclear whether Apple will rework the feature to make it safer and more secure. For now, AirDrop users should turn it off when it is not being used or disable Bluetooth altogether. You can turn them back on when you need to transfer files, but in any other scenario, keeping AirDrop inactivated can protect you from creeps and cyber-flashers who may want to do you harm.