Apple bug allows hackers to steal phone numbers and email addresses from AirDrop users

One of the most useful features on an Apple device is AirDrop. It allows users of Apple devices to seamlessly switch data between them.


AirDrop now has a bug that allows hackers to steal users’ phone numbers and email addresses, according to reports.


According to a study by the Technical University of Darmstadt, AirDrop has a flaw that could enable a stranger to learn the phone numbers and email addresses of AirDrop users.


In a blog post, the researchers explained that all they need is a Wi-Fi-enabled device and physical proximity to a target that starts the discovery process by opening the sharing pane on an iOS or macOS device.


Also read: REvil ransomware gang threatens to leak Apple products blueprints


For clarity, AirDrop compares a user’s phone number and email address to entries in the address book of the device with which it is about to exchange data using a shared authentication mechanism.


The researchers discovered that by being close to the target and using a Wi-Fi-enabled device, hackers can gain access to this data. The detection process will be started by opening a file-sharing panel on an iOS or macOS device.


“The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process,” researchers cited in the blog post, adding that hashing fails to provide ‘privacy-preserving communication discovery,’ and that hash values can be reversed using simple brute-force techniques.


To put it another way, hackers can easily decipher the encrypted data containing phone numbers and email addresses.



You might also like: Beware: Ficker-info stealing malware is pretending to be Microsoft Store