Researchers at the Technische Universität in Darmstadt, Germany, have warned that sensitive personal data can be exposed when using
AirDrop, a feature that makes it easy to move files wirelessly between Apple devices.
A hacker who is close enough when AirDrop is being used can relatively easily access both email addresses and phone numbers, because of a flaw in Apple’s security system which was discovered as long ago as May 2019 and has not yet been patched. This, the researchers point out, leaves the users of more than 1.5 billion Apple devices vulnerable.
“So far, Apple has neither acknowledged the problem nor indicated that [it is] working on a solution,” they say. “This means that the users of more than 1.5 billion Apple devices are still vulnerable to the outlined privacy attacks. Users can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing menu.”
The German researchers have developed their own encryption solution, called PrivateDrop, which addresses the shortcoming. But it is far from certain that Apple will implement the solution in future versions of AirDrop. It is believed that the company will move to bolster security in
iOS 15 and
macOS 12, however, so this may be dealt with in those updates.
WWDC coverage for the latest news about the summer’s operating system updates.
If you want to know more about the subject, visit
TU Darmstadt’s website.
This article originally appeared on
Macworld Sweden. Translation by David Price.