IPhone users should be careful: Security researchers are currently warning there is a serious vulnerability in Apple’s popular AirDrop feature. Attackers could take advantage of a protocol flaw here to gain access to user data.
Apple users can wirelessly share files such as photos or videos with each other using the AirDrop feature. New study However, TU Darmstadt is now showing that even uninvited guests can access user data via a software vulnerability.
To make sure files are only shared with contacts, AirDrop verifies this before transferring Iphone Or iPads, cell phone number and email address of the other person and compare it with the data stored in the contact book.
However, as the researchers explain, attackers can use this mechanism to gain access to user data – even if it is not stored as a contact with the user. The only thing attackers need is a WiFi-enabled device close to the victim.
Apple: A vulnerability in iPhones and its partners has been known for two years
If the share menu opens on iPhone or iPad devices, the contact details involved will be hashed – this ensures authentication on other devices with AirDrop. But as the researchers write, this is not sufficient protection for user data. Attackers can count encrypted data back in milliseconds and thus exploit it.
According to security researchers, this security hole has been known to Apple for about two years – but it hasn’t closed yet and is still active in the latest versions of iOS and macOS. According to the researchers, authentication is mainly possible without the unsecured hash value, which is why they developed their own and more secure authentication protocol.
As of now, users only have the option to block AirDrop completely via the “Restrictions” item in the Screen Time menu. AirDrop receipts can also be stopped with iOS and Co. , But when you open the share menu, the contact details in this case are still sent.