Join our subscribers list to get the latest news, updates and special offers directly in your inbox
The vulnerability in AirDrop was first uncovered by researchers at the Technical University of Darmstadt. They found that the wireless sharing function of AirDrop could be exploited by attackers using a Wi-Fi-capable device in close proximity to the target. This flaw allowed for the unauthorized access to users' phone numbers and email addresses.
Also check Exploring the Bowers & Wilkins 607 S3: A Compact Sonic Marvel
Upon discovering the vulnerability, the German researchers promptly informed Apple. However, the company did not take any steps to rectify the issue. Two years later, the same research group proposed a fix for the problem, but Apple remained unresponsive.
The consequences of Apple's inaction became evident when Beijing judicial authorities, in collaboration with the Chinese tech firm Wangshendongjian Technology, used the vulnerability to track individuals sending "inappropriate information" via AirDrop in the Beijing subway.
AirDrop, an Apple-exclusive protocol, allows for direct wireless file sharing between nearby Apple devices, even offline, through Bluetooth and peer-to-peer Wi-Fi. The vulnerability was exposed particularly in AirDrop's "Contacts only" mode. The Darmstadt researchers discovered that the privacy of contact data wasn't adequately protected during the process of determining if two AirDrop users were contacts.
Wangshendongjian Technology exploited the AirDrop vulnerability by circumventing the hash values associated with the sender's device name, email, and phone number. They created a rainbow table of phone numbers and email accounts, converting encrypted data back to original text and pinpointing the sender's information.
The exploitation of AirDrop's vulnerability in China confirmed the TU Darmstadt researchers' initial warning. They had cautioned that AirDrop's hashing process was susceptible to simple reverse-engineering techniques like brute-force attacks, which could compromise users' privacy.
The revelation of China's ability to hack AirDrop has sparked concern in the United States. Senator Marco Rubio, a leading member of the Senate Intelligence Committee, urged that Apple be held accountable for not safeguarding its users against such security breaches. This incident highlights the potential for the Chinese government to target Apple users perceived as adversaries.
Benjamin Ismail from Greatfire.org, an organization monitoring internet censorship in China, emphasized the need for Apple's transparency regarding its response to this breach. The exploitation of the AirDrop vulnerability underscores the critical importance of tech companies addressing security flaws promptly and transparently.
The exploitation of AirDrop's vulnerability serves as a wake-up call to the tech industry about the consequences of ignoring security warnings. For Apple, this incident not only damages its reputation for user privacy and security but also highlights the broader implications of digital vulnerabilities in an increasingly interconnected world. As technology continues to advance, so too must the commitment to protecting user data and privacy.
Nov 11, 2023 1022
Nov 30, 2023 644
Nov 28, 2023 566
Feb 7, 2022 486
Nov 1, 2021 448
Jun 22, 2023 228