Why iPhone owners should turn off AirDrop. Now.
Not everything Apple makes "just works" — at least not as intended, anyway.
Security researchers exploring AirDrop, the iOS and macOS feature that lets users wirelessly share files via WiFi and Bluetooth, reported Wednesday on a flaw they say exposes users' emails and phone numbers. Unless you want every creep on the street to be able to secretly grab your contact info, it's a bit of a nightmare.
The researchers, a team made up of members of the Secure Mobile Networking Lab (SEEMOO)and the Cryptography and Privacy Engineering Group (ENCRYPTO), claim they alerted Apple to the flaw in May of 2019. However, according to them, the company never responded.
"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," reads Tuesday's press release. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device."
We reached out to Apple to confirm the findings and to ask if indeed it was alerted to the vulnerability in 2019. We received no immediate response.
Notably, this is not the first questionable privacy situation tied to AirDrop. In 2019, researchers discovered that they were able to determine users' phone numbers based on the partial hashes AirDrop sends out. It's not clear if that concern was ever addressed by Apple, especially as the vulnerability disclosed this week appears similar in nature.
"The discovered problems are rooted in Apple's use of hash functions for 'obfuscating' the exchanged phone numbers and email addresses during the [AirDrop] discovery process," explains Tuesday's press release. "However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks."
AirDrop is also notorious for its association with digital harassment. Specifically, harassers used the feature for cyber-flashing — wherein a stranger bombards a victim's phone with unwanted photos of a sexual or graphic nature — and sending images associated with white supremacists to people just going about their own business in public.
Tweet may have been deleted
Tweet may have been deleted
Of course, you don't have to deal with any of this.
If you'd rather avoid having your iPhone expose your contact info to creeps and protect yourself from cyber-flashers, you can turn AirDrop off (and disable Bluetooth while you're at it).
SEE ALSO: Apple knows AirTags can be abused and is trying to get ahead of it
It's not a permanent thing — you can always briefly turn AirDrop back on if you need it for some reason — but disabling the feature will provide you with some peace of mind, and hey, that "just works."
Related Video: It's surprisingly easy to be more secure online
-
Pragmocracy NowNorth Korean leader anxious about military coupKorea's Navy receives new landing shipWatch Series 9: Apple's lastThe Astounding World of AutomataThis Android malware turns off fingerprint unlock to steal your pinBest Kindle deal: Save 20% on the Kindle Scribe in every configurationMoon, Trump hold last minute talks on US中山古镇:到苏炳添家乡看“村BA”,来一场说走就走的美食之旅Bose QuietComfort Ultra earbuds deal: Save $50 at Amazon
下一篇:Apple Intelligence is now a little easier to get outside the U.S.
- ·US Open 2024 livestream: How to watch US Open tennis for free
- ·Great Barrier Reef brought to politicians' doorstep in artful protest
- ·Police bust porn site, book 87 suspects
- ·S. Korean fishing boat apprehended unlawfully by NK military in early Nov.: Coast Guard
- ·Sinner vs. Michelsen 2024 livestream: Watch US Open for free
- ·Koreas begin military talks to discuss easing tensions
- ·Trump, Kim chat over lunch of beef short ribs
- ·南天新村 5幢楼封顶
- ·Upgrade Your Monitor, Not Your GPU
- ·Bose QuietComfort Ultra earbuds deal: Save $50 at Amazon
- ·South Korea 'flexible' on timing, format of ending Korean War: FM
- ·Students in US express hope and skepticism about Trump
- ·Yoon, US Senate's armed service committee chief discuss alliance, N.K. threats
- ·宝兴县人民法院主动推进依法治县工作 建设“法治宝兴”
- ·Michael B. Jordan announces on Instagram that he'll be adopting inclusion riders
- ·Mashable takes Austin: Here’s where you can find the Mashable team during SXSW 2018
- ·海丰芥蓝入选全国名特优新农产品名录
- ·Govt. conducts military reshuffle to enhance readiness posture, boost defense reform
- ·Another nor'easter set to cripple travel, trigger thundersnow
- ·South Korea 'flexible' on timing, format of ending Korean War: FM
- ·Arshad Nadeem receives Hilal
- ·清远赏花图、美食图、导购图,解锁这座“好吃、好看、好玩”的城市!
- ·Jaguar's electric SUV is actually reasonably priced, cheaper than Tesla Model X
- ·量贩式零食 走俏雅安
- ·How do you make safe, cheap nuclear reactors? Bury them a mile deep
- ·Students in US express hope and skepticism about Trump
- ·18 Slightly Submerged Architectural Wonders
- ·This little dog is a bigger soccer fan than you
- ·Top court confirms acquittal of ex
- ·Jaguar's electric SUV is actually reasonably priced, cheaper than Tesla Model X
- ·提前谋划部署准备秋季开学
- ·Over 180 evacuate Myeong
- ·Pyramid lenses catch light from any angle to boost solar cell efficiency
- ·Does ordering delivery during a snow storm make me a trash
- ·尝“鲜”盛宴,等你来探!2024年清远西牛麻竹笋尝鲜季即将启幕
- ·This little dog is a bigger soccer fan than you