{"id":36036,"date":"2022-06-01T16:03:23","date_gmt":"2022-06-01T20:03:23","guid":{"rendered":"https:\/\/mjtsai.com\/blog\/?p=36036"},"modified":"2022-06-01T16:03:23","modified_gmt":"2022-06-01T20:03:23","slug":"airdrop-contacts-privacy-flaw","status":"publish","type":"post","link":"https:\/\/mjtsai.com\/blog\/2022\/06\/01\/airdrop-contacts-privacy-flaw\/","title":{"rendered":"AirDrop Contacts Privacy Flaw"},"content":{"rendered":"<p><a href=\"https:\/\/www.macrumors.com\/2021\/04\/23\/airdrop-researchers-security-flaw\/\">Sami Fathi<\/a>:<\/p>\n<blockquote cite=\"https:\/\/www.macrumors.com\/2021\/04\/23\/airdrop-researchers-security-flaw\/\"><p>Researchers at <a href=\"https:\/\/www.informatik.tu-darmstadt.de\/fb20\/ueber_uns_details_231616.en.jsp\">TU Darmstadt have discovered<\/a> that the process which AirDrop uses to find and verify someone is a contact on a receiver&rsquo;s phone can expose private information.<\/p><p>[&#8230;]<\/p><blockquote><p>As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users &#x2013; even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.<\/p><p>The discovered problems are rooted in Apple&rsquo;s use of hash functions for &ldquo;obfuscating&rdquo; the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.<\/p><\/blockquote><\/blockquote>\n<p>I&rsquo;m not sure of the status of this issue. The flaw was reported to Apple in 2019, and Fathi&rsquo;s article is from 2021, but I&rsquo;ve not heard more about it since.<\/p>\n<p><a href=\"https:\/\/forums.macrumors.com\/threads\/researchers-discover-airdrop-security-flaw-that-could-expose-personal-data-to-strangers.2292911\/?post=29809012#post-29809012\">ikramerica<\/a>:<\/p>\n<blockquote cite=\"https:\/\/forums.macrumors.com\/threads\/researchers-discover-airdrop-security-flaw-that-could-expose-personal-data-to-strangers.2292911\/?post=29809012#post-29809012\">\n<p>[Does] this mean turning on &ldquo;everyone&rdquo; is more secure as no matching is attempted?<\/p>\n<\/blockquote>","protected":false},"excerpt":{"rendered":"<p>Sami Fathi: Researchers at TU Darmstadt have discovered that the process which AirDrop uses to find and verify someone is a contact on a receiver&rsquo;s phone can expose private information.[&#8230;]As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users &#x2013; even as a complete stranger. All they require [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"apple_news_api_created_at":"2022-06-01T20:03:28Z","apple_news_api_id":"a3a9ff47-fcb7-4851-a8fc-b6eba14b5602","apple_news_api_modified_at":"2022-06-01T20:03:28Z","apple_news_api_revision":"AAAAAAAAAAD\/\/\/\/\/\/\/\/\/\/w==","apple_news_api_share_url":"https:\/\/apple.news\/Ao6n_R_y3SFGo_LbroUtWAg","apple_news_coverimage":0,"apple_news_coverimage_caption":"","apple_news_is_hidden":false,"apple_news_is_paid":false,"apple_news_is_preview":false,"apple_news_is_sponsored":false,"apple_news_maturity_rating":"","apple_news_metadata":"\"\"","apple_news_pullquote":"","apple_news_pullquote_position":"","apple_news_slug":"","apple_news_sections":"\"\"","apple_news_suppress_video_url":false,"apple_news_use_image_component":false,"footnotes":""},"categories":[2],"tags":[1003,176,31,1837,30,1891,355],"class_list":["post-36036","post","type-post","status-publish","format-standard","hentry","category-technology","tag-airdrop","tag-contacts","tag-ios","tag-ios-14","tag-mac","tag-macos-11-0","tag-privacy"],"apple_news_notices":[],"_links":{"self":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/36036","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/comments?post=36036"}],"version-history":[{"count":1,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/36036\/revisions"}],"predecessor-version":[{"id":36037,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/posts\/36036\/revisions\/36037"}],"wp:attachment":[{"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/media?parent=36036"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/categories?post=36036"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/mjtsai.com\/blog\/wp-json\/wp\/v2\/tags?post=36036"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}