Research from the Technical University of Darmstadt (Germany) has discovered a worrying vulnerability with smartphones or electronic devices that use AirDrop, a fairly common feature of Apple. The engineering team here said that this problem has been discovered since May 2019, but the company still ignores it. Even more than 1 billion active devices still have not been updated with security patches.
Basically, by default, AirDrop is set to only allow data transfer with other devices with contact names in contacts (Contacts Only). The process begins to exchange data, the device conducts “mutual authentication”, comparing the person’s phone number and email address with the entries in your contacts. Data is transmitted only when the required credentials are valid.
According to studies, even though the authentication process is encrypted, Apple only uses a relatively weak mechanism. Security experts can reverse-mining encrypted strings with just a few techniques that aren’t too complicated. This is the weakness that makes crooks able to attack and find out the phone numbers and email addresses of nearby AirDrop users.
The warning has been issued for a long time, along with advice on the most appropriate resolution. However, it seems that Apple still did not make any move after this. Many devices are facing the risk of personal data leakage.
And for safety, the University’s experts have issued a warning to all AirDrop users to protect themselves from the possibility of being compromised, by simply restricting use, or turning off the feature. When not in use, do not open the data sharing menu.