Apple Reportedly Overlooked AirDrop Security Threats Before Alleged Chinese Hack

Apple Inc. AAPL was reportedly informed of potential security vulnerabilities in its AirDrop feature before the feature was allegedly breached by China’s Beijing Institute, as per information from security experts.

What Happened: The Beijing Institute, backed by the state, purports to have extracted iPhone users’ details via AirDrop. The institute decoded iPhone logs to identify users sharing content through AirDrop. 

However, the exact method remains undisclosed. Now, security experts agree that AirDrop’s security is dubious and that Apple had been previously notified of these issues, reported AppleInsider. 

See Also: How To Buy Apple (AAPL) Stock

MacWorld has confirmed the possibility of extracting sender details from device logs. Nonetheless, only the name of the sending iPhone and Bluetooth signal strength could be obtained from the console log on a Mac that received a file via AirDrop. These data points were stored in a subprocess of AirDrop, a component of the wider “sharing” process.

Alexander Heinrich, a security researcher, confirmed that AirDrop requires a validated Apple ID for a connection. Even though the Apple ID email and phone number are encrypted in hash values, they can reportedly be easily decoded. Heinrich’s findings are only significant when AirDrop is active.

Heinrich also mentioned that Apple was aware of this vulnerability and had even consulted researchers during the development of iOS 16. However, the report noted that his suggested secure version of AirDrop, which could potentially combat these security flaws, is not compatible with older iOS versions and remains unimplemented. 

Simultaneously, Apple has been granted a patent for a new version of AirDrop that would use light instead of Wi-Fi and Bluetooth, offering a faster and more secure solution.

Why It Matters: As reported by Benzinga in November 2022, Apple had restricted the AirDrop feature in China amid escalating anti-government protests. 

Previously, Apple has reduced the time window during which iPhone users can utilize the “Everyone” setting to receive content from anyone to just 10 minutes, suggesting a possible global shift. 

Nevertheless, the latest developments in China serve to emphasize these apprehensions.

Image Source – Shutterstock

Check out more of Benzinga’s Consumer Tech coverage by following this link.

Read Next: Apple's iPhone Survives A 16,000-feet Drop And Lives To Tell The Tale

Disclaimer: This content was partially produced with the help of Benzinga Neuro and was reviewed and published by Benzinga editors.

Market News and Data brought to you by Benzinga APIs
Comments
Loading...
Posted In:
Benzinga simplifies the market for smarter investing

Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.

Join Now: Free!