Hackers can obtain sensitive user’s information through the vulnerability in AirDrop. Photo: TU Darmstadt. “An attacker could obtain a user’s phone number and email through AirDrop,” the team said. “They just need to use a device with Wi-Fi capable, reach the target at close range to start the mining process by opening the sharing feature on iOS or macOS device.” According to the 9to5mac There are two steps in the mechanism of AirDrop action leading to this critical vulnerability. First, in order to provide users with the option “Contacts Only” in the AirDrop sharing feature, Apple devices silently collect information on devices within the connection range. To see if the “other party” is in the contacts list, AirDrop uses a mutual authentication mechanism, comparing the user’s phone number and email address with the entries in the address book. The device authentication step in the directory can be exploited to get information. Photo: Monica Chin. In the next step, data is exchanged for both parties. Despite encryption, Apple uses a relatively weak hashing mechanism. Security experts can decompile the hash using a simple technique like a brute-force attack. The team addressed the AirDrop vulnerability with a more secure approach, they named PrivateDrop. However, Apple did not move after being warned of the risk of personal information leaks and privacy breaches. In the immediate future, experts from the Technical University of Darmstadt advise users to protect themselves by disabling AirDrop discovery in the system settings and not opening the share menu. The detailed results of the study will be presented at the USENIX security Symposium taking place in August. Why does iPhone not have USB-C port? In the past 5 years, USB-C has become the suitable connector for a wide variety of devices such as Android phones, laptops and tablets. However, Apple still doesn’t make iPhones with USB-C ports.

AirDrop is very useful for Apple ecosystem users but is being warned of being insecure. Experts said, AirDrop allows users to share files with Apple devices in contacts. During the process of verifying the connection between devices, AirDrop uses a “mutual authentication mechanism” to compare the user’s phone number and email with the entries in the other device’s phonebook. Basically, data exchanged via AirDrop is encrypted by Apple, but this security mechanism is assessed by experts as relatively weak. In fact, Apple just scrambles the phone numbers and email addresses exchanged in the process of transmitting through AirDrop. This security mechanism can be easily circumvented using simple techniques like brute-force attacks. Also according to security experts at Technical University of Darmstadt (Germany), the above vulnerability was discovered in May 2019 and has been notified to Apple, but Apple still has no specific patch. to fix the problem. Airdrop is a feature that comes pre-installed on iPhone, iPad or Mac (depending on the version of the operating system). Helps iOS, Mac devices connect together and can easily share files wirelessly with each other very quickly without affecting the quality of the file. Airdrop has been integrated on iPhone, iPod, iPad devices using iOS 7 or higher. Macbook from 2012 with OS X Yosemite (10.0) higher (except Mac Pro mid-2012). In addition, AirDrop cannot be used with other operating systems (Android phones, Windows Phone phones …).