Hello guest, if you read this it means you are not registered. Click here to register in a few simple steps, you will enjoy all features of our Forum.
Rules have been updated! Here

Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5

[-]
Tags
issue long changing researchers privacy airdrop setting simple bug quot fixes standing

AirDrop privacy issue: Researchers -"changing simple setting fixes long-standing bug"
#1
Information 
The AirDrop feature on iPhones and MacBook computers has a vulnerability that could give scammers access to your email and phone number, a team of researchers say.

AirDrop lets you share photos, documents and other files with other Apple devices nearby. When users have Bluetooth and WiFi turned on, they can discover each others' devices and connect and share.

But the discovery process can also leave your device open to potential data pirates, say computer science researchers at the Technical University of Darmstadt in Germany.

In a recently published alert, the researchers said strangers within range of your device can learn your email address and phone number when you open the sharing function. That's because as part of the process to authenticate file sharing, AirDrop checks phone numbers and email addresses against the other user's address book.


You don't have to initiate a connection with the other device for it to potentially eavesdrop and that represents "a severe privacy leak," the researchers said. Several outlets including 9to5Mac.com have reported on the flaw.

Even though the data shared in AirDrop authentications has privacy protections – cryptography measures called hash functions – those "hash values can be quickly reversed using simple techniques such as brute-force attacks," the researchers said. With your email address and phone number discovered, you could be more at risk for phishing attempts and other scams.

The researchers say they notified Apple about the vulnerability nearly two years ago, but Apple "has neither acknowledged the problem nor indicated that they are working on a solution," they said. "This means that the users of more than 1.5 billion Apple devices are still vulnerable to the outlined privacy attacks."

They suggest users of Apple devices disable AirDrop – "Go to Settings>General>AirDrop>Receiving Off" – and not open the sharing menu. When you really need to share files, just turn the function back on and turn it off when you are finished.


Apple did not immediately respond to request for comment on the alert. On its AirDrop instruction page, Apple suggests that users "make sure that the person you're sending to is nearby and within Bluetooth and Wi-Fi range."

The German researchers also said they designed a "PrivateDrop" feature to replace AirDrop, with improved privacy protections and "authentication delay well below one second,"
[-] The following 2 users say Thank You to Soul Rider for this post:
  • mare1, PriSim
Reply
#2
The lack of response from Apple is pretty disturbing but then again it's Apple so what did you expect. I am not even surprised that there is such a huge mistake in terms of privacy. Although Apple customer support itself knows a lot about you from what I have heard from one of my mates. Apple devices themselves are examples of privacy done badly.
Reply


Forum Jump:


Users browsing this thread: 1 Guest(s)