Apple’s AirDrop has got a bug that is helping hackers to steal users’ personal information like phone numbers and email addresses.
As per a report, AirDrop is riddled with a bug that potentially enables an attacker to get an individual’s phone numbers and email addresses of users even as an unknown person.
“All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device,” the researchers wrote in a blog post.
Basically, AirDrop functions in a way that takes into consideration a mutual authentication mechanism to compare a user’s phone number and email address with the entries in the address book of the device.
The researchers further revealed that hackers can access these personal details by being close to the person and also possessing a WiFi-enabled device.
“The discovered problems are rooted in Apple's use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process,” researchers added in the blog. They also found out that hashing fails to give ‘privacy-preserving contact discovery’ and that the hash values can be reversed using simple brute-force techniques.
“Users can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing menu,” researchers said.