Since 2019, a team at the Technical University of Darmstadt has reported its findings on the poor security of the AirDrop feature to Apple. So far, Apple has not moved to fix the problem.
AirDrop is a feature that lets users share files with Apple devices belonging to their contacts. AirDrop uses a “mutual authentication mechanism” that compares the user’s phone number and email address with the address book of the other device to verify whether that person is in the contact list.
Because of how this works, hackers can use “a device that is Wi-Fi capable and near the target” to “force” an Apple device with AirDrop turned on to authenticate, revealing the phone number and email address of users who have no need to exchange data with any nearby device.
Although Apple encrypts that information, it uses a relatively weak hashing mechanism, so simple techniques such as brute-force attacks can reverse the hash value.
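The sketch below is an added illustration, not code from the researchers or from Apple, of why hashing alone does not hide a phone number: the set of possible numbers is small enough to enumerate. It assumes an unsalted SHA-256 purely for illustration (the article does not name the hash function); the number block, the sample number and the hash rate are constructed values.

```python
import hashlib

# Constructed sample data: a fictional number block with four unknown digits.
SAMPLE_PREFIX = "+1555010"
SAMPLE_NUMBER = "+15550104273"


def digest(identifier: str) -> str:
    """Unsalted hash of a contact identifier (SHA-256 is an assumption)."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def search_space(variable_digits: int) -> int:
    """Number of candidates when only `variable_digits` digits are unknown."""
    return 10 ** variable_digits


def seconds_to_exhaust(variable_digits: int, hashes_per_second: float) -> float:
    """Worst-case time to hash every candidate at an assumed hash rate."""
    return search_space(variable_digits) / hashes_per_second


def recover(target: str, prefix: str, variable_digits: int):
    """Enumerate every number in the block and return the one whose hash
    matches `target`, or None if the number lies outside the block."""
    for n in range(search_space(variable_digits)):
        candidate = f"{prefix}{n:0{variable_digits}d}"
        if digest(candidate) == target:
            return candidate
    return None


if __name__ == "__main__":
    leaked = digest(SAMPLE_NUMBER)
    print("hash seen on the air :", leaked[:16], "...")
    print("recovered identifier :", recover(leaked, SAMPLE_PREFIX, 4))
    # A full ten-digit national number is still only 10**10 candidates.
    print("10 digits at 1e7 hashes/s:", seconds_to_exhaust(10, 1e7), "seconds")
```

The output of the hash is 256 bits wide, but the input carries only as much uncertainty as the phone number itself, which is what makes the digest reversible by enumeration.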
The report by the research team at the Technical University of Darmstadt also shows that about 1.5 billion Apple devices could be attacked to obtain personal information through AirDrop.
Apple has not yet offered a solution that completely resolves this problem. The team advises users to turn AirDrop off completely when they do not need it, to keep their personal information safe.