Data transfer: vulnerability in AirDrop technology|Danger for Apple owners


Data transfer: vulnerability in AirDrop technology. The danger for Apple owners.The AirDrop technology used in Apple devices for transferring files revealed a serious flaw

Data transfer: vulnerability in AirDrop technology. The danger for Apple owners.The AirDrop technology used in Apple devices for transferring files revealed a serious flaw    The AirDrop technology used in Apple devices for transferring files revealed a serious flaw - you can intercept the subscriber’s personal data during data transfer. This way, attackers will recognize the real phone number of the victim.     AirDrop technology is a convenient tool for owners of Apple devices, allowing you to easily share photos, videos and links between them. However, Hexway cybersecurity experts said that AirDrop had a serious flaw that could be exploited by attackers.


The AirDrop technology used in Apple devices for transferring files revealed a serious flaw - you can intercept the subscriber’s personal data during data transfer. This way, attackers will recognize the real phone number of the victim.


AirDrop technology is a convenient tool for owners of Apple devices, allowing you to easily share photos, videos and links between them. However, Hexway cybersecurity experts said that AirDrop had a serious flaw that could be exploited by attackers.

The fact is that the basis of AirDrop is Bluetooth LE, which transmits information in the form of a hash.

Thus, hackers can intercept this information and decrypt it back, having received the real telephone a number of the subscriber.

  • If at the same time the user AirDrop also uses the function of transferring a password from Wi-Fi, then in the hands of fraudsters may also be a unique identification number Apple ID and email.


  • The head of the security company Errata Security, Rob Graham, confirmed to the Ars Technica portal the existence of this vulnerability, adding that its consequences are not so terrible as they are alarming since in fact, an attacker can get access to personal information without the user's knowledge.


  • At the same time, Hexway clarifies that the deficiency found is more a feature of the technology than a vulnerability. At the same time, researchers report that the problem with privacy was found in all versions of the iOS operating system, starting with 10.3.1 (including the beta of iOS 13).


  • The website talked to experts to find out what to expect for Apple device owners and whether to start panicking. According to Apple's business manager at Softline, Anton Karpov, within the framework of the Bluetooth LE connection protocol, the iPhone actually sends packets that, in theory, it is possible to listen, catch a hash, convert it and get a phone number.
You may also like


“However, hashing is a complex cryptographic the operation that, by definition, is very difficult to reversible and the source code is so hard to get from the hash that there is simply not enough computing power for this,” Karpov said.

  • Nikita Durov, Technical Director of Check Point Software Technologies in Russia and the CIS also believes that the problem with AirDrop described by Hexway is not as critical as it may seem at first glance.


  • “Hypothetically, attackers can really identify the device number and other data of the owner. For example, you can find out if a particular device is nearby. But this practice is unlikely to be widespread - it requires to pinpoint hacker work, and this is long enough and may not justify the effort, ”the expert explained.


  • The consultant of the Information Security Center of Jet Infosystems, Alexander Gon, pointed out that the danger of disclosing a phone number is equal to the same risks as the possibility of detecting this data through compromised databases.


  • "The scenario in which the attacker purposefully tries to obtain personal data in this way is more relevant for top management of large organizations, politicians and other media people," said the source in Gazeta.Ru.


  • Nevertheless, even the theoretical possibility of data theft is a threat, for counteracting which a number of precautions can be observed.


“Sometimes AirDrop features can be used to determine a person’s identity.

Another illegal use of AirDrop, which is now in the trend - the so-called "cyber flashing", when people send rudely or indecent photos to strangers in public places.

Our experts recommend setting up AirDrop so that only users from contacts can send content. You can completely disable the AirDrop function if you do not plan to actively use it at the moment, ”recommends Nikolaos Chrysaidos, head of the threat and protection research department for mobile devices at Avast.

At the end of July 2019, one of the Apple contractors told that the company was listening to the conversations that the owner of the Apple gadget had with the Siri voice assistant. As it turned out, the user's voice commands were actually recorded and sent to linguists for analysis in order to improve the quality of the assistant’s work. A week after the scandal, Apple announced the suspension of the Siri quality control program and also allowed users to choose whether to submit their records for analysis or not.


Data transfer: vulnerability in AirDrop technology|Danger for Apple owners Data transfer: vulnerability in AirDrop technology|Danger for Apple owners Reviewed by Write What's you know on August 04, 2019 Rating: 5

2 comments:

  1. This enormous change supports and inciting the Data Scientist over the association to adapt Big Data Training in Chennai.data science course in pune

    ReplyDelete
  2. Well, The information which you posted here is very helpful & it is very useful for the needy like me.., Wonderful information you posted here. Thank you so much for helping me out to find the Data analytics course in Mumbai Organisations and introducing reputed stalwarts in the industry dealing with data analyzing & assorting it in a structured and precise manner. Keep up the good work. Looking forward to view more from you.

    ReplyDelete

Like a Reply

Powered by Blogger.