Data transfer: vulnerability in AirDrop technology|Danger for Apple owners

Data transfer: vulnerability in AirDrop technology. The danger for Apple owners.The AirDrop technology used in Apple devices for transferring files revealed a serious flaw

The AirDrop technology used in Apple devices for transferring files revealed a serious flaw - you can intercept the subscriber’s personal data during data transfer. This way, attackers will recognize the real phone number of the victim.

AirDrop technology is a convenient tool for owners of Apple devices, allowing you to easily share photos, videos and links between them. However, Hexway cybersecurity experts said that AirDrop had a serious flaw that could be exploited by attackers.

The fact is that the basis of AirDrop is Bluetooth LE, which transmits information in the form of a hash.

Thus, hackers can intercept this information and decrypt it back, having received the real telephone a number of the subscriber.

• If at the same time the user AirDrop also uses the function of transferring a password from Wi-Fi, then in the hands of fraudsters may also be a unique identification number Apple ID and email.

• The head of the security company Errata Security, Rob Graham, confirmed to the Ars Technica portal the existence of this vulnerability, adding that its consequences are not so terrible as they are alarming since in fact, an attacker can get access to personal information without the user's knowledge.

• At the same time, Hexway clarifies that the deficiency found is more a feature of the technology than a vulnerability. At the same time, researchers report that the problem with privacy was found in all versions of the iOS operating system, starting with 10.3.1 (including the beta of iOS 13).

• The website talked to experts to find out what to expect for Apple device owners and whether to start panicking. According to Apple's business manager at Softline, Anton Karpov, within the framework of the Bluetooth LE connection protocol, the iPhone actually sends packets that, in theory, it is possible to listen, catch a hash, convert it and get a phone number.

You may also like

• how to steal money from bank cards: Data Capture by a new way
• FaceApp users at risk: Scammers Target FaceApp Users
• Why the iPhone 2019-20 is doomed: how would the iPhone 11 look
• Vivo Z1 Pro | Complete Public Reviews | Accurate Specification | Price | You need to Know
• The era ended: iPhone sales have fallen to record levels again
• Championship Collapse: Brazilian striker Adriano left Spartak
• Facebook is unexpectedly developing a device that can read minds.

“However, hashing is a complex cryptographic the operation that, by definition, is very difficult to reversible and the source code is so hard to get from the hash that there is simply not enough computing power for this,” Karpov said.

• Nikita Durov, Technical Director of Check Point Software Technologies in Russia and the CIS also believes that the problem with AirDrop described by Hexway is not as critical as it may seem at first glance.

• “Hypothetically, attackers can really identify the device number and other data of the owner. For example, you can find out if a particular device is nearby. But this practice is unlikely to be widespread - it requires to pinpoint hacker work, and this is long enough and may not justify the effort, ”the expert explained.

• The consultant of the Information Security Center of Jet Infosystems, Alexander Gon, pointed out that the danger of disclosing a phone number is equal to the same risks as the possibility of detecting this data through compromised databases.

• "The scenario in which the attacker purposefully tries to obtain personal data in this way is more relevant for top management of large organizations, politicians and other media people," said the source in Gazeta.Ru.

• Nevertheless, even the theoretical possibility of data theft is a threat, for counteracting which a number of precautions can be observed.

“Sometimes AirDrop features can be used to determine a person’s identity.

Another illegal use of AirDrop, which is now in the trend - the so-called "cyber flashing", when people send rudely or indecent photos to strangers in public places.

Our experts recommend setting up AirDrop so that only users from contacts can send content. You can completely disable the AirDrop function if you do not plan to actively use it at the moment, ”recommends Nikolaos Chrysaidos, head of the threat and protection research department for mobile devices at Avast.

At the end of July 2019, one of the Apple contractors told that the company was listening to the conversations that the owner of the Apple gadget had with the Siri voice assistant. As it turned out, the user's voice commands were actually recorded and sent to linguists for analysis in order to improve the quality of the assistant’s work. A week after the scandal, Apple announced the suspension of the Siri quality control program and also allowed users to choose whether to submit their records for analysis or not.