iPhone users need to be careful: security researchers are currently warning of a serious vulnerability in Apple’s popular AirDrop feature. Attackers can take advantage of a protocol error here to access user data.
Apple users can easily share files such as pictures or videos with each other using the AirDrop feature. A new study TU Darmstadt is now showing, that uninvited guests can also access user data through a weak point in the software.
Airdrop checks before transfer to ensure that files are shared only with contacts Iphone Or iPads, comparing them with the other person’s cell phone number and email address, and the data stored in the contact book.
As the researchers showed, however, attackers can use this mechanism to access user data – even if they are not stored as a user’s contact. All that the attackers need is a WiFi-enabled device that is close to the victim.
iOS 15: First information about the new Apple operating system
Apple: iPhones and Co. The security gap is known for two years
If the Share menu is opened on an iPhone or iPad, the corresponding contact details hashed – this ensures authentication on other devices with AirDrop. As the researchers write, however, this is not sufficient protection for user data. Encrypted data can be counted back by attackers in milliseconds and thus tapped.
According to security researchers, this security gap has been known at Apple for nearly two years – but it has not closed yet and is still active in the latest versions of iOS and macOS. According to the researchers, authentication is basically possible without an insecure hash value, which is why they have developed their own, more secure authentication protocol.
Until now, users only have the option to completely block airdrops through the “Restrict” item in the “Screen Time” menu. Getting through AirDrop is basically iOS and Co. Can be closed with, but upon opening the share menu, in this case contact details are still sent.