Security News > 2021 > April > Apple AirDrop Bug Could Leak Your Personal Info to Anyone Nearby
"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users - even as a complete stranger," said a team of academics from the Technical University of Darmstadt, Germany.
AirDrop is a proprietary ad hoc service present in Apple's iOS and macOS operating systems, allowing users to transfer files between devices by making use of close-range wireless communication.
"When an AirDrop connection is attempted between a sender and a receiver, the sender transmits over the air a message containing a hash, or digital fingerprint, of its user's email address or phone number as part of an authentication handshake," the researchers explained.
In a hypothetical attack scenario, a manager can open a share menu or share sheet from an Apple could use it to get the phone number or email address of other employees who have the manager's contact details stored in their address books.
Given that Apple is yet to indicate its plans to fix the privacy leakage, users of more than 1.5 billion Apple devices are vulnerable to such attacks.
"Users can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing menu," the researchers said.
News URL
http://feedproxy.google.com/~r/TheHackersNews/~3/cmx9jOnotUU/apple-airdrop-bug-could-leak-your.html