Yaşar Ateş

System and Security Administration Manager

Attention Apple AirDrop users! Security bug found

Apple's AirDrop feature is a data transfer method that is heavily used within the brand's ecosystem, because it lets Apple users transfer data between iPhone, iPad and iPod devices as well as Mac computers. The scope of this transfer is very wide: users can send photos, videos, documents, notes, websites and much more through AirDrop. Add to this the speed of AirDrop, which uses Bluetooth and Wi-Fi technology, and it is not hard to see why the feature is so popular. But apparently the feature is not all sweetness and light. According to today's news, AirDrop has a significant security bug. This bug affects 1.5 billion Apple users and threatens the privacy of user information such as e-mail addresses and phone numbers. Here are the details of that security bug and what to do to protect your personal information...

Actually, this security bug is not newly detected: it was found in 2019 and reported to Apple. But although more than two years have passed, Apple has not yet taken a step on the subject. The vulnerability announced today is closely related to the problem from two years ago: German researchers from Technische Universität Darmstadt report that a new one has been added to the one previously found.

According to the German researchers, the vulnerability detected two years ago threatened only phone numbers, whereas the newly found vulnerability widens the exposure considerably: malicious persons can reach information such as e-mail addresses and phone numbers through this AirDrop vulnerability. Worse, it does not matter which AirDrop option you use for this data theft to happen. It is enough to click the share option of AirDrop.
What are the reasons for this vulnerability?
According to the German researchers, there are two reasons that make AirDrop insecure. Both are related to the validation process in the first connection phase between the devices. The first issue originates in the "Contacts Only" option that Apple offers in AirDrop. To run this option, AirDrop must access the contact information of both devices involved in the transfer, and this is the first step of the validation process when "Contacts Only" is used: the phone information of both devices is compared to check that each device really has the other in its contacts. This means that the information is shared. Although Apple protects this information with the SHA-256 hash function, in practice this does not really work.
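Why hashing a phone number with SHA-256 does not keep it private, shown as an added example that is not from the original article or from Apple's code: the set of possible phone numbers is small enough to enumerate. The digits-only encoding, the function names, the fictional sample number and the hash rate are assumptions made for illustration.

```python
import hashlib

def hash_identifier(phone: str) -> str:
    """Unsalted SHA-256 of a phone number (assumed encoding: ASCII digits)."""
    return hashlib.sha256(phone.encode("ascii")).hexdigest()

def search_space(known_prefix: str, total_digits: int) -> int:
    """Number of candidate phone numbers left once a prefix is known."""
    return 10 ** (total_digits - len(known_prefix))

def seconds_to_exhaust(candidates: int, hashes_per_second: int) -> float:
    """Worst-case time to hash every candidate at an assumed rate."""
    return candidates / hashes_per_second

def recover(target_hash: str, known_prefix: str, total_digits: int):
    """Return the number whose hash matches, or None if it is not in range.

    This works only because the input space is tiny; the hash function
    itself is not broken.
    """
    free = total_digits - len(known_prefix)
    for n in range(10 ** free):
        suffix = str(n).zfill(free) if free else ""
        candidate = known_prefix + suffix
        if hash_identifier(candidate) == target_hash:
            return candidate
    return None

if __name__ == "__main__":
    # Constructed sample: a fictional 10-digit number (555-01xx range).
    observed = hash_identifier("2025550147")

    # With a known 6-digit prefix only 10,000 candidates remain.
    print("candidates:", search_space("202555", 10))
    print("recovered :", recover(observed, "202555", 10))

    # Even with no prefix, a full 10-digit space is 10**10 values.
    # 10**7 hashes per second is an assumed, modest single-machine rate.
    print("full space, seconds:", seconds_to_exhaust(10 ** 10, 10 ** 7))
```

The takeaway for anyone designing contact matching is that a plain hash of a low-entropy identifier should be treated as equivalent to the identifier itself.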

The second reason for the vulnerability is also related to Apple's validation process. AirDrop checks your contact information for validation even if you do not use the "Contacts Only" option, so the weakness in Apple's encryption becomes a problem here as well. The key point is the AWDL packets, which contain personal information of both users and which Apple exchanges between the two devices. More precisely, the problem is the way these packets are shared: when the validation process begins, Apple sends them to everything connected over Bluetooth instead of sharing them only between the two devices. This means that everyone can reach your personal information. To sum up, if someone malicious is close enough, whilst
Finally, the German researchers say that they did not hear back from Apple despite reporting it twice. In fact, the researchers have even sent Apple their own solution called "PrivateDrop". If they still don't hear back from Apple, they plan to discuss the issue in detail at the USENIX security conference next August.

AirDrop shutdown guide
If you intend to take a break from AirDrop until the problem is fixed, here is how to turn off AirDrop:

#1- Open the control center by swiping down from the right side of the screen.

#2- Click on the AirDrop button.

#3- Select "Receiving Off" from the options that appear here.

Source: TheRecord, DigitalTrends, 9To5Mac