AirDrop, which is Apple’s easy way of sharing files, is prone to a security flaw that can allow people access to others’ personal data such as an email address and a phone number.
The vulnerability, which is still out there in the wild, can cause security issues to over 1.5 billion Apple users Here’s what it is all about?
AirDrop can leak users’ personal data
As per researchers at Germany’s Technische Universitat Darmstadt (via 9to5Mac), it is suggested that any person can access Apple users’ email addresses and mobile numbers, even if you are a stranger. And, this is possible simply by accessing the sharing pane on an Apple device when the sharing process is initiated.
This just requires the presence of a stable Wi-Fi connection and the proximity between the two Apple devices.
It is said that security flaw arises due to two reasons. The problem is caused due to Apple’s process of finding who is a contact. AirDrop uses a “mutual authentication” process to compare the phone numbers and email addresses of a possible receiver with that of the details stored in a user’s contact list.
Another reason is Apple’s rather weak hashing system despite the encryption of data. This can allow hackers to access people’s personal details.
Researchers have notified Apple of the flaw, which was discovered way back in 2019. With an aim to curb the problem, the research team also came up with a possible solution called PrivateDrop.
It is revealed that PrivateDrop is a solution, which is based on optimized cryptographic private set intersection protocols. It allows for the secure transfer of files between users without any of the aforementioned flaws. Although, there is an authentication delay by a second.
However, Apple has neither acted upon it nor has done anything to fix the issue so far.
We hope Apple comes with a fix to this issue, which still affects billions of people.
No comments:
Post a Comment