Changing Simple Airdrop Setting Fixes Long-Standing Privacy Bug

The Airdrop feature on iPhones and MacBook computers has an exposure that could give scammers entry to your email and phone number.

Airdrop allows the users to share photos, documents and other files with other Apple devices nearby. When users have Bluetooth and WiFi turned on, they can discover each others’ devices and connect and share. The discovery process can also leave your device open to possible data pirates.Researchers said that anybody within range of your device can learn your email address and phone number when you open the sharing function. That’s because as part of the process to authenticate file sharing, Airdrop checks phone numbers and email addresses against the other user’s address book.

The user need not initiate a connection with the other device for it to potentially eavesdrop and that represents privacy leak. The data shared in airdrop authentications has privacy protections like cryptography measures called hash functions . Those hash values can be quickly reversed using simple techniques such as brute-force attacks. With the user’s email address and phone number discovered, you could be more at risk for phishing attempts and other scams.

The researchers notified Apple about the vulnerability nearly two years ago. The company neither acknowledged the problem nor indicated that they are working on a solution. This means that the users of more than 1.5 billion Apple devices are still vulnerable to the outlined privacy attacks.The researchers suggested a temporary solution to the users of Apple devices to disable Airdrop – “Go to Settings>General>Airdrop>Receiving Off” – and not open the sharing menu. When you need to share files, just turn the function back on and turn it off when you are finished.