Apple AirDrop flaw exposes 1.5 billion devices — what to do
AirDrop hashes phone numbers and email addresses before sending them, but the hashes can be reversed
Apple's AirDrop protocol can leak your email address and phone number to any Apple device nearby, five researchers at Germany's TU Darmstadt have found. They say Apple has known about the problem, which affects roughly 1.5 billion devices, for nearly two years, and they have published a possible fix.
"It is possible to learn the phone numbers and email addresses of AirDrop users -- even as a complete stranger," states a website put up by the researchers. "An attacker just requires a Wi-Fi-capable device and physical proximity to a target."
"Apple users are still vulnerable," the site adds. "They can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing pane."
How to protect yourself
To make sure you're not vulnerable to these attacks, you'll want to set your AirDrop to "Receiving Off" on an iPhone or iPad, and to "Allow me to be discovered by No One" on a Mac.
You might also want to turn off Wi-Fi and Bluetooth when you're not using them. AirDrop relies on both radios, Bluetooth for discovery and Wi-Fi for the transfer itself, so both need to be switched fully off; on an iPhone, the Control Center toggles only disconnect you temporarily rather than turning the radios off, so use the Settings app instead.
Setting AirDrop to "Everyone" is not a fix, even though it skips the contact check. Whenever you open the sharing pane your device still sends its hashed identifiers to every receiver in range, and as a receiver you now answer discovery requests from anyone instead of only from your contacts. You would also open yourself to unsolicited, and often disturbing, images from strangers. The researchers' advice is simply to turn discovery off.
How AirDrop initiates connections
When your AirDrop-enabled device opens the sharing pane and is ready to share a file, it sends a hashed form of your phone number and/or email address (whichever is tied to your Apple ID) to every AirDrop-capable device it can reach over Bluetooth or Wi-Fi.
It does this so that other Apple devices with AirDrop set to the default "Contacts Only" can check whether you're in their users' contact lists before making themselves visible to you. (Devices set to "Everyone" skip this check but still receive the hashed phone numbers or email addresses.)
The Apple devices don't send the actual phone numbers or email addresses. Rather, they send "hashes" of those values: fixed-length strings produced by running the text through a one-way mathematical function. The same input always produces the same hash, which is what lets two devices compare contacts without exchanging them in the clear.
For example, the phone number 1 (212) 555-1212, with spaces and parentheses removed, would come out of the SHA-256 hashing algorithm that AirDrop uses as "26321368f6c23510f79a21085024dd5a4f958e6c22dc057a358d1b5a1fc5c932."
Other Apple devices check those hashes against the hashes of email addresses and phone numbers they have in their own contact lists. If a match is made, then those devices reply to yours with their own email and phone-number hashes.
If the sender's hash matches an entry in the receiver's contacts, the receiver shows up in the sender's AirDrop pane and files can be shared. (Again, the "Everyone" setting skips this check and makes the device visible to any sender, although the receiver still has to accept each incoming file.)
Sounds good, but there's a problem
The problem is that while hashes are supposed to be irreversible — you shouldn't be able to dial back a hash to get the original phone number or email address — that's not exactly how it works in real life.
"Cryptographic hash functions cannot hide their inputs (called preimages) when the input space is small or predictable, such as for phone numbers or email addresses," states an academic paper authored by researchers Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute and Christian Weinert.
Heinrich, Hollick and Stute previously worked on ways to attack AirDrop's technical underpinnings.
In other words, because phone numbers follow predictable formats, it wouldn't take long for even a midrange computer to precompute a lookup table of hashes for every possible phone number in a specific area code (10 million numbers), or for all 10 billion possible 10-digit numbers in North America.
A hacker could load such a table onto a laptop, then sit in a public place, such as outside the entrance to a big corporation's headquarters at lunchtime, and passively collect the hashes that nearby iPhones send whenever their owners open the sharing pane, looking each one up in the table to recover the number.
The hacker could also actively force other devices to give up their phone numbers. The attacker could initiate AirDrop shares by sending out the hash of a phone number that many people were likely to have in their contact lists — say, a company's main switchboard number, or the number of its human-resources department.
Any passing iPhone with that number in its Contacts list would send back the hash of its own phone number.
OK, so what if a stranger knows my mobile number?
Because mobile phone numbers are (mistakenly) used as identity verification for password resets, bank-account logins and SMS-based two-factor authentication, a stranger who knows your number has the starting point for SIM-swap and account-takeover attacks, and could cause a lot of damage if the target is a high-profile individual or someone who holds a lot of Bitcoin.
Email addresses are harder to enumerate, as they don't have a fixed length and can contain letters as well as digits. But a hacker could restrict the precomputed hashes to addresses ending in "@gmail.com" or "@yahoo.com," or to addresses that follow a company's specific addressing format.
"Alternatively, an attacker could generate an email lookup table from data breaches or use an online lookup service for hashed email addresses," the paper states.
The hacker could then harvest email addresses in the same manner as the phone numbers. Those email addresses, the research paper notes, could be used "for fraudulent activities such as (spear) phishing attacks or making a profit by selling personal data."
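To make the mechanics above concrete, the following Python simulation is an added example for this article, not code from the PrivateDrop authors or from Apple. It keeps the one property of AirDrop the paper relies on, that both sides exchange SHA-256 hashes of their contact identifiers, and shows all three pieces described in the preceding sections: the discovery exchange between a sender and a contacts-only or "everyone" receiver, the passive attack (a precomputed table over a phone-number range reverses the hashes a sender emits when its sharing pane opens), the active attack (a spoofed discovery request carrying the hash of a widely stored number draws a reply from any receiver that has it), and an email lookup table built from a constructed breach list. The Device class, message shapes and the digits-only and lower-casing normalization are simplifications assumed by this example; Apple's real records are signed and travel over Bluetooth and Wi-Fi, which is left out.

```python
import hashlib
from dataclasses import dataclass

# Constructed simulation for this article, not code from the PrivateDrop authors or
# from Apple. It keeps one property of real AirDrop that the paper relies on: both
# sides exchange SHA-256 hashes of their contact identifiers. The BLE/AWDL transport,
# Apple's signed validation records and the file transfer itself are left out.


def normalize_phone(number: str) -> str:
    """Digits only, matching the article's '1 (212) 555-1212' -> '12125551212'."""
    return "".join(ch for ch in number if ch.isdigit())


def contact_hash(identifier: str) -> str:
    """Hex SHA-256 of an already-normalized phone number or email address."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def phone_lookup_table(prefix: str, free_digits: int) -> dict:
    """Precompute hash -> number for every number starting with `prefix`.

    A full North American area code is prefix='1212', free_digits=7 (10 million
    hashes, well within reach of a laptop); the demo below uses a smaller space.
    """
    table = {}
    for n in range(10 ** free_digits):
        number = prefix + str(n).zfill(free_digits)
        table[contact_hash(number)] = number
    return table


def email_lookup_table(leaked_emails) -> dict:
    """Hash -> address from a breach dump (lower-casing is an assumption of this example)."""
    return {contact_hash(e.strip().lower()): e.strip().lower() for e in leaked_emails}


@dataclass
class Device:
    own_id: str                   # normalized number or email tied to the Apple ID
    contacts: set                 # normalized identifiers in the address book
    mode: str = "contacts_only"   # or "everyone"

    def discover_request(self) -> dict:
        """What a sender emits to every device in range when its sharing pane opens."""
        return {"sender_hashes": [contact_hash(self.own_id)]}

    def handle_discover(self, request: dict):
        """Receiver side: answer with its own hash only if the sender is a known
        contact, or unconditionally in 'everyone' mode; otherwise stay silent."""
        known = {contact_hash(c) for c in self.contacts}
        if self.mode == "everyone" or any(h in known for h in request["sender_hashes"]):
            return {"receiver_hashes": [contact_hash(self.own_id)]}
        return None


def passive_attack(observed_request: dict, table: dict) -> list:
    """Reverse the hashes a nearby sender sent out, using the precomputed table."""
    return [table.get(h, "<not in table>") for h in observed_request["sender_hashes"]]


def active_attack(popular_number: str, nearby: list, table: dict) -> list:
    """Spoof a discovery request carrying the hash of a number many people store
    (the article's example: a company switchboard or HR line). Every contacts-only
    receiver that has it replies with its own hash, which the table then reverses."""
    spoofed = {"sender_hashes": [contact_hash(normalize_phone(popular_number))]}
    recovered = []
    for device in nearby:
        reply = device.handle_discover(spoofed)
        if reply is not None:
            recovered.extend(table.get(h, "<not in table>") for h in reply["receiver_hashes"])
    return recovered


if __name__ == "__main__":
    # Constructed data: a small slice of the 212-555 exchange so this runs in a second.
    table = phone_lookup_table("1212555", 4)
    employee = Device("12125551212", {"12125550100"})      # has HR's number saved
    bystander = Device("12125559999", {"12125550001"})     # does not
    open_mode = Device("12125550042", set(), mode="everyone")
    print(passive_attack(employee.discover_request(), table))
    print(active_attack("1 (212) 555-0100", [employee, bystander, open_mode], table))
    print(email_lookup_table(["Alice@Example.com"]))
```

The point the simulation makes is that the hash function is irrelevant to the attacker's cost: the table is built once over a small, structured input space, and every observed hash is then a dictionary lookup. Note that the "everyone" device replies to the spoofed request without having the number in its contacts at all, which is why that setting is not a defense.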
A solution presents itself
The Darmstadt researchers said they privately told Apple about the passive-attack scenario in May 2019, and the active-attack one in October 2020. In July 2019, a second group independently found the passive-attack issue and went public with it.
"Apple has not yet commented if they plan to address these AirDrop issues," the research paper says. (Tom's Guide has reached out to Apple for comment, and we will update this story when we receive a reply.)
The researchers have created an open-source project called "PrivateDrop" that "integrates seamlessly into the current AirDrop protocol stack."
They say PrivateDrop, which they told Apple about in October, fixes the leak by replacing the exchange of hashed phone numbers and email addresses with a private set intersection protocol, so each device learns only whether there is a match with its own contacts and nothing about the other side's identifiers otherwise.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.