Why iPhone owners should turn off AirDrop. Now.
Not everything Apple makes "just works" — at least not as intended, anyway.
Security researchers exploring AirDrop, the iOS and macOS feature that lets users wirelessly share files via WiFi and Bluetooth, reported Wednesday on a flaw they say exposes users' emails and phone numbers. Unless you want every creep on the street to be able to secretly grab your contact info, it's a bit of a nightmare.
The researchers, a team made up of members of the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO), claim they alerted Apple to the flaw in May of 2019. However, according to them, the company never responded.
"As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger," reads Tuesday's press release. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device."
We reached out to Apple to confirm the findings and to ask if indeed it was alerted to the vulnerability in 2019. We received no immediate response.
Notably, this is not the first questionable privacy situation tied to AirDrop. In 2019, researchers discovered that they were able to determine users' phone numbers based on the partial hashes AirDrop sends out. It's not clear if that concern was ever addressed by Apple, especially as the vulnerability disclosed this week appears similar in nature.
"The discovered problems are rooted in Apple's use of hash functions for 'obfuscating' the exchanged phone numbers and email addresses during the [AirDrop] discovery process," explains Tuesday's press release. "However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks."
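Why hashing a phone number does not hide it, as an added example that is not from the article or the researchers: the input space is small enough to enumerate, and a truncated ("partial") hash only narrows that space to a short candidate list. SHA-256, the function names, the prefix and the sample number are assumptions constructed for this demo.

```python
import hashlib
import math
from itertools import product

def obfuscate(identifier: str, hex_chars: int = 64) -> str:
    """Unsalted SHA-256 of a contact identifier, optionally truncated.
    SHA-256 is an assumption for this demo; the article names no algorithm."""
    return hashlib.sha256(identifier.encode()).hexdigest()[:hex_chars]

def entropy_bits(unknown_digits: int) -> float:
    """Upper bound on the secrecy a hash can preserve: log2 of the input space."""
    return unknown_digits * math.log2(10)

def candidates(observed: str, prefix: str, unknown_digits: int) -> list[str]:
    """Every number in the prefix's range whose hash starts with `observed`."""
    matches = []
    for tail in product("0123456789", repeat=unknown_digits):
        number = prefix + "".join(tail)
        if obfuscate(number, len(observed)) == observed:
            matches.append(number)
    return matches

# Constructed sample: a fictional number in the 555-01xx range.
PREFIX, SECRET = "+1555555", "+15555550142"

if __name__ == "__main__":
    # A 256-bit digest cannot add secrecy the input never had.
    print(f"10 unknown digits = {entropy_bits(10):.1f} bits of input entropy")
    # The full hash pins down exactly one number in the range.
    print("full hash    ->", candidates(obfuscate(SECRET), PREFIX, 4))
    # A 3-hex-character prefix still leaves only a handful of candidates.
    print("3-hex prefix ->", candidates(obfuscate(SECRET, 3), PREFIX, 4))
```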
AirDrop is also notorious for its association with digital harassment. Specifically, harassers used the feature for cyber-flashing — wherein a stranger bombards a victim's phone with unwanted photos of a sexual or graphic nature — and sending images associated with white supremacists to people just going about their own business in public.
Of course, you don't have to deal with any of this.
If you'd rather avoid having your iPhone expose your contact info to creeps and protect yourself from cyber-flashers, you can turn AirDrop off (and disable Bluetooth while you're at it).
It's not a permanent thing — you can always briefly turn AirDrop back on if you need it for some reason — but disabling the feature will provide you with some peace of mind, and hey, that "just works."