Researchers find a scary data vulnerability in Apple’s AirDrop

Hackers can tap into AirDrop data and pull your phone number or your email address. This issue has been known since 2019 and has yet to be patched or acknowledged by Apple, though it impacts almost 1.5 billion Apple devices today.

According to a report from security researchers at Germany’s Technical University of Darmstadt, the core of this issue is the way in which AirDrop shares files between Apple devices using the address book and contacts list as an option by default. Per the researchers, since AirDrop leverages “a mutual authentication mechanism,” to compare phone numbers, as well as email addresses, a hacker can easily intercept this information using “a Wi-Fi-capable device” that is nearby to an Apple user sharing through MacOS, iOS, or iPadOS via AirDrop. A proof of concept attack can be found on GitHub.

This can be done even if the hacker isn’t in the user’s address book or contacts list. It happens both ways, via Sender Leakage, as well as Receiver Leakage, according to the researchers.

Apple does try to protect the exchanged phone numbers and email addresses via “obfuscating,” but security researchers have found that it does not prevent the reversing of hash values. These can be “quickly reserved,” according to security researchers, through brute force attacks.

The researchers at the Technical University of Darmstadt have claimed to developed “PrivateDrop” which can replace AirDrop’s flawed design. This solution is reportedly based on optimized cryptographic private set intersection protocols.

This means it can complete exchanges between certain devices without exchanging the hash values that could otherwise be interpreted. This all can occur with a delay time of around a second. This project is available on GitHub, for those interested in the research behind what went into developing it.

Since Apple hasn’t yet officially released a fix, you can try to avoid using or completely turn off AirDrop if you are concerned. To do this on an iPhone or an iPad, click Settings > General. From there, tap AirDrop > Receiving Off. On MacOS, you can turn off AirDrop by clicking to the Control Center next to the date and time, choosing AirDrop, and then toggling the switch to Off. Additional details are available via Apple if you wish to learn more about AirDrop on MacOS.

Related posts

Latest posts

T-Mobile, Starlink enable satellite texting early for people impacted by Los Angeles fires

T-Mobile and SpaceX have been working on bringing Starlink satellite connectivity to customers for a while, and it’s flipping on

iPad 11: Two Key Upgrades Will Bring Apple Intelligence to Budget iPad

The next-generation, entry-level iPad will support the Apple Intelligence suite of AI features, according to Bloomberg's Mark Gurman.In his Power

Apple Watch SE 3 With ‘New Look’ Expected to Launch This Year

A third-generation Apple Watch SE will be released later this year, and it will have a "new look" of some

HomePod Mini 2 and New Apple TV Launch Timeframe Narrowed Down

Bloomberg's Mark Gurman recently reported that Apple plans to release new HomePod mini and Apple TV models this year, and

All the cool gadgets that made me sad I didn’t go to CES 2025

I wrote about CES 2025 from the comfort of my home, but a selection of really cool gadgets made me sad I didn't attend the show in person.

Zuckerberg vents at Apple over iPhone, but forgets Facebook’s flops

The Meta chief says Apple essentially sat on the iPhone and hasn't made any remarkable progress. He didn't mention how Facebook flubbed phones and tablets.

Forget the Galaxy S25 Slim. The OnePlus Open 2 could be the thinnest foldable ever

According to tipster Digital Chat Station, the OnePlus Open 2 could be the thinnest folding phone ever made — and it could sport a titanium frame.

Apple Watch SE might embrace a new look this year

The next Apple Watch SE, expected to arrive this year, could hit the shelves rocking a new look. The budget watch could also ditch metal in favor of plastic.

Nvidia’s DLSS 4 isn’t what you think it is. Let’s debunk the myths

Nvidia's new DLSS 4 feature is an exciting update for RTX users, but it's been drowned in a sea of assumptions and misunderstandings.

I love the Motorola Razr and Galaxy Z Flip 6, but there’s still room to make flip phones better

Android OEMs are improving flip phones every year, but how can they get better going forward?