Home Tech IOS users should immediately turn off AirDrop

IOS users should immediately turn off AirDrop

1
0

User’s phone number and email may be exposed because of security flaws in AirDrop. You should only turn it on when you need to transfer files and off by default to wait for the patch.
According to the Mashable The Mobile Network Security Laboratory (SEEMOO) and the Crypto and Privacy Engineering Group (ENCRYPTO), at the Technical University of Darmstadt, have warned Apple about this dangerous vulnerability since May. 2019 but the company still ignored it. About 1.5 billion devices are still unpatched.

Hackers can obtain sensitive user’s information through the vulnerability in AirDrop. Photo: TU Darmstadt. “An attacker could obtain a user’s phone number and email through AirDrop,” the team said. “They just need to use a device with Wi-Fi capable, reach the target at close range to start the mining process by opening the sharing feature on iOS or macOS device.” According to the 9to5mac There are two steps in the mechanism of AirDrop action leading to this critical vulnerability. First, in order to provide users with the option “Contacts Only” in the AirDrop sharing feature, Apple devices silently collect information on devices within the connection range. To see if the “other party” is in the contacts list, AirDrop uses a mutual authentication mechanism, comparing the user’s phone number and email address with the entries in the address book. The device authentication step in the directory can be exploited to get information. Photo: Monica Chin. In the next step, data is exchanged for both parties. Despite encryption, Apple uses a relatively weak hashing mechanism. Security experts can decompile the hash using a simple technique like a brute-force attack. The team addressed the AirDrop vulnerability with a more secure approach, they named PrivateDrop. However, Apple did not move after being warned of the risk of personal information leaks and privacy breaches. In the immediate future, experts from the Technical University of Darmstadt advise users to protect themselves by disabling AirDrop discovery in the system settings and not opening the share menu. The detailed results of the study will be presented at the USENIX security Symposium taking place in August. Why does iPhone not have USB-C port? In the past 5 years, USB-C has become the suitable connector for a wide variety of devices such as Android phones, laptops and tablets. However, Apple still doesn’t make iPhones with USB-C ports.