Bugs found in Apple's Airdrop, hackers can take resistance

There are bugs found in the Apple AirDrop , it could let the hackers grab the users’ Phone numbers and Email addresses of Apple users even as a complete stranger, making 1.5 billion users vulnerable, German security researchers reported.

All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening and sharing pane on an iOS device," they added.

Airdrop has the ability to wirelessly share files with each other, using AirDrop to transmit files between their iPhones and Macbooks. But researchers at the Technical University of Darmstadt in Germany have discovered that security weaknesses in the system.

And you know what’s worse? Apple hasn’t fixed the problem almost two years after being told about it, despite 1.5 billion devices worldwide being potentially vulnerable.

The researchers’ paper, entitled “PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop”, details what it describes as “two severe privacy vulnerabilities in the underlying authentication protocol” used by AirDrop.

According to the paper, the problem lies in how AirDrop determines if a nearby device belongs to somebody the user already knows.

To discover if two devices belong to mutual contacts, AirDrop transmits a SHA-256 hash of the sending user’s email address or phone number. Other devices in the vicinity examine the hash, and compare it to entries in their own address book – if a mutual match is made, the receiver sends back their own hash.

An attacker can brute-force the hash to determine users’ phone numbers – a technique which takes just seconds because of the relatively small number of possible phone numbers.