A feature of Apple devices that is widely used due to its immediacy is AirDrop. Well, it’s breaking news that an organization supported by Chinese government violated it to allow the authorities to identify senders sharing “unwanted content” via the peer-to-peer wireless protocol.
AirDrop “cracked” by exploiting a vulnerability that Apple has been aware of for some time
The Cupertino giant has always advertised its protocol as totally safe, because it is based on crittografia Transport Layer Security (TLS). However, the Municpal Bureau of Justice of Beijing claims to have found a way to bypass security measures and discover information about users who use AirDrop to share photos, videos, documents, contacts and even passwords.
The ploy successfully helped public security authorities to identify some suspicious people who used the feature of Apple devices to spread illegal content. «This finding improves the efficiency and accuracy of case resolution, and prevents the spread of inappropriate comments and potential negative influences», declared the BMBJ.
The Bureau reportedly analyzed iPhone logs and created a “rainbow table” that allowed it to convert hash values hidden in the original text and correlate i phone numbers they account email of those who forwarded and received content.
Apple restricted the use of AirDrop on devices in China in November 2022, after anti-government activists had used the feature to spread politically motivated material (flyers and the like).
The first reports date back to 2019
According to a new report (via 9to5mac), some security researchers already several years ago (in 2019) they had warned Apple on the risks deriving from the encryption of telephone numbers and email addresses. In 2021, Alexander Heinrich of TU Darmstadt informed the Cupertino company of «discovered two protocol design flaws that allow attackers to discover phone numbers and email addresses of both the sender’s and recipient’s devices».
Apple would have responded to this report during the development of iOS 16 (released in 2022), but apparently the problem has not been resolved. The reason for this lack of intervention is to be found – it is hypothesized – in the fact that a transition to a more secure and updated version of the AirDrop protocol would have made communication with older devices incompatible and not capable of running the latest versions of iOS.