The researchers stated that Apple’s wireless file sharing protocol could leak a user’s contact information, such as email addresses and phone numbers.

AirDrop enables file transfer between devices by leveraging the close-range wireless communication found in the iOS and macOS operating systems. With this feature, receiving devices are shown only to users who are in each other's contact lists, through an authentication mechanism that compares the user's phone number and e-mail address with the entries in the other user's address book. The discovered vulnerability makes it possible to bypass such protections with the help of Wi-Fi.

A team of academics from Darmstadt Technical University, Germany, explained: “As an attacker, it is possible to obtain the phone numbers and e-mail addresses of AirDrop users, even as an outsider. All that malicious attackers need is a Wi-Fi enabled device and physical proximity to a target that starts the discovery process by opening the sharing pane on an iOS or macOS device.”

The vulnerability is due to Apple’s use of hash functions to mask the contact identifiers (e.g. phone numbers and email addresses) exchanged during the discovery process. A malicious recipient can collect the hashed contact identifiers and reverse them within milliseconds using techniques such as brute-force attacks. It is also possible for a malicious sender to learn the hashed contact identifiers, including the recipient’s phone number, without requiring any prior knowledge of the recipient’s information.
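Why a hash does not hide a phone number, as an added example that is not from the original article or the researchers: the set of possible numbers is small enough to enumerate. SHA-256, the helper names, the keyed variant shown for contrast, and the sample number (taken from the fictional 555-01xx range) are all assumptions.

```python
import hashlib
import hmac

# Assumption: SHA-256 stands in for the hash function; the article does not name one.
def mask(identifier: str) -> str:
    """Unkeyed hash of a contact identifier, as it might appear in a discovery message."""
    return hashlib.sha256(identifier.encode()).hexdigest()

def keyed_mask(identifier: str, key: bytes) -> str:
    """Keyed hash, shown only for contrast; not a fix described in the article."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()

def recover(target: str, prefix: str, digits: int, hash_fn=mask):
    """Hash every number of the form prefix + N digits and return the one that matches."""
    for n in range(10 ** digits):
        candidate = f"{prefix}{n:0{digits}d}"
        if hash_fn(candidate) == target:
            return candidate
    return None

def demo() -> dict:
    # Constructed sample: a fictional number with four unknown trailing digits,
    # so the whole search space is only 10,000 candidates.
    prefix, number = "+1202555", "+12025550142"
    key = b"constructed-demo-key"  # hypothetical secret the observer does not hold
    return {
        # The unkeyed hash is reversed by simple enumeration.
        "unkeyed": recover(mask(number), prefix, 4),
        # Without the key, the same enumeration finds nothing.
        "keyed": recover(keyed_mask(number, key), prefix, 4),
    }

if __name__ == "__main__":
    for scheme, result in demo().items():
        print(f"{scheme:8s} -> {result}")
```

The takeaway for protocol design is that a hash protects an identifier only when the input space is too large to enumerate, which phone numbers are not.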

 More than 1.5 billion Apple devices are vulnerable to this attack, as Apple has not released any updates to fix the privacy leak. Users can protect themselves simply by disabling AirDrop discovery in the system settings and not opening the share menu. 
