A team of researchers from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) at TU Darmstadt discovered a severe privacy weakness in Apple’s wireless file-sharing protocol. The vulnerability could expose a user’s contact information, including email address and phone number.
In other words, attackers could learn sensitive details of Apple AirDrop users. AirDrop is used by Apple users to share files with each other, but it turns out that complete strangers (threat actors included) can tap into the process. Everything that is needed to exploit the weakness is a Wi-Fi-enabled device and physical proximity to the target.
The target should initiate the discovery process by opening the sharing pane on an iOS or macOS device, the researchers said.
The good news is that the research team has developed a solution to the weakness that can replace the vulnerable AirDrop. However, Apple still hasn’t addressed the severe loophole, leaving more than 1.5 billion iOS and macOS users at risk.
Where does the Apple AirDrop vulnerability exist?
The weakness stems from Apple’s use of hash functions to obfuscate phone numbers and email addresses during the discovery process. The hashing in place fails to deliver secure and private contact discovery: because the space of possible phone numbers is small enough to enumerate, the hash values can be easily reversed via simple techniques such as brute-force attacks.
And what about the solution?
Fortunately for Apple users, the researchers were successful at developing a solution. Called “PrivateDrop,” it can replace the flawed original AirDrop design.
How does the PrivateDrop solution work?
In short, PrivateDrop is built upon optimized cryptographic private set intersection protocols that can securely perform the contact discovery process between two users without exchanging vulnerable hash values, the research team explained. The team’s iOS and macOS implementation of PrivateDrop shows that “it is efficient enough to preserve AirDrop’s exemplary user experience with an authentication delay well below one second.”
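As an added illustration (not PrivateDrop’s own code), the following Python toy shows the idea behind a Diffie-Hellman-style private set intersection: two parties learn which contacts they share without either side ever sending a plain, brute-forceable hash of a phone number. The group parameters, the `Party` class and the normalization rule are assumptions made for this example.

```python
# Added illustration, not PrivateDrop's code: textbook Diffie-Hellman-style
# private set intersection (PSI) over a toy multiplicative group.
import hashlib
import secrets

# Toy group parameters (assumption, not from PrivateDrop): a Mersenne prime
# and generator 3. A real deployment would use a standard elliptic-curve group.
P = 2**127 - 1
G = 3


def normalize(identifier: str) -> str:
    """Canonicalize a phone number or e-mail so both sides hash the same string."""
    return "".join(ch for ch in identifier.lower() if ch not in " -()")


def hash_to_group(identifier: str) -> int:
    """Map an identifier into the group as g^H(x) mod p (never sent in the clear)."""
    digest = hashlib.sha256(normalize(identifier).encode()).digest()
    return pow(G, int.from_bytes(digest, "big"), P)


class Party:
    def __init__(self, contacts):
        self.contacts = list(contacts)
        # Fresh per-session blinding exponent; it never leaves this party.
        self.secret = secrets.randbelow(P - 2) + 1

    def blind(self):
        """Round 1: own contacts, blinded with the secret exponent."""
        return [pow(hash_to_group(c), self.secret, P) for c in self.contacts]

    def double_blind(self, peer_blinded):
        """Round 2: re-blind the peer's already-blinded values with own secret."""
        return [pow(v, self.secret, P) for v in peer_blinded]

    def intersect(self, own_double_blinded, peer_blinded):
        """Finish: blind the peer's values with own secret and compare."""
        mine = dict(zip(own_double_blinded, self.contacts))
        return [mine[pow(v, self.secret, P)] for v in peer_blinded
                if pow(v, self.secret, P) in mine]


def private_set_intersection(alice: Party, bob: Party):
    """Run the three-message exchange; only Alice learns the shared contacts."""
    a_blinded = alice.blind()                   # Alice -> Bob
    b_blinded = bob.blind()                     # Bob -> Alice
    a_double = bob.double_blind(a_blinded)      # Bob -> Alice
    return alice.intersect(a_double, b_blinded)
```

Everything on the wire is blinded by a secret exponent, so an eavesdropper cannot run the offline enumeration that works against bare hashes.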
Apple yet to acknowledge the AirDrop vulnerability
It is noteworthy that the team warned Apple about the severe vulnerability in May 2019 in a “responsible disclosure.” However, the company “has neither acknowledged the problem nor indicated that they are working on a solution.”
This unresolved situation leaves the users of more than 1.5 billion Apple devices vulnerable to the outlined privacy attacks. “Users can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing menu,” the team added.
The results of the extensive research and analysis will be presented in a scientific paper in August this year during the USENIX Security Symposium.