Researchers say the encryption in AirDrop is too easy to break.
REPUBLIKA.CO.ID, JAKARTA – Apple has several features that are still being implemented by platform others, especially Android. AirDrop is one of them.
AirDrop is a feature made by Apple for the benefit of sending files between iOS and macOS devices online wireless practically. Reporting from Slashgear, Monday (26/4), unfortunately, AirDrop does not seem so safe.
The simple act of sharing files on macOS or iOS is enough to leak the user’s phone number and email address to hackers.
AirDrop uses a new technique that uses ad-hoc Wi-Fi and Bluetooth to scan for devices and establish a connection between them. Users have the option to share only with their contacts or with anyone with Mac or iPhone or not with anyone.
AirDrop actually scans the device by broadcasting an encrypted data packet containing the sender’s phone and email address. Its purpose is to check which nearby devices have the sender’s contacts also in order to qualify as recipients.
Unfortunately, the encryption doesn’t seem that strong. That encryption was almost too trivial for hackers to carry out brute-force attacks to decrypt numbers and email addresses.
Even more worrying, such hackers just have to sit around, waiting for anyone with a Mac, iPhone or iPad to start sharing anything to steal data. This telephone number and email address can then be used for other attacks such as fraud phishing.
Researchers disclosed this vulnerability to Apple in 2019 and even provided an open source reference implementation of a more secure alternative. However, Apple has not replied until recently.
– .
