Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby

2021-04-26 04:03

"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users - even as a complete stranger," said a team of academics from the Technical University of Darmstadt, Germany.

AirDrop is a proprietary ad hoc service present in Apple's iOS and macOS operating systems, allowing users to transfer files between devices by making use of close-range wireless communication.

"When an AirDrop connection is attempted between a sender and a receiver, the sender transmits over the air a message containing a hash, or digital fingerprint, of its user's email address or phone number as part of an authentication handshake," the researchers explained.

In a hypothetical attack scenario, a manager can open a share menu or share sheet from an Apple could use it to get the phone number or email address of other employees who have the manager's contact details stored in their address books.

Given that Apple is yet to indicate its plans to fix the privacy leakage, users of more than 1.5 billion Apple devices are vulnerable to such attacks.

"Users can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing menu," the researchers said.

News URL

http://feedproxy.google.com/~r/TheHackersNews/~3/cmx9jOnotUU/apple-airdrop-bug-could-leak-your.html

#apple #leak

Related vendor

VENDOR	LAST 12M	#/PRODUCTS	LOW	MEDIUM	HIGH	CRITICAL	TOTAL VULNS
Apple		135	582	4214	1623	2414	8833