AirDrop, the feature that allows Mac and iPhone users to wirelessly transfer files between devices, is leaking users’ emails and phone numbers, and there’s not much anyone can do to stop it other than disable it, researchers said.
AirDrop uses Wi-Fi and Bluetooth Low Energy to set up direct connections to nearby devices so that photos, documents and more can be sent from one iOS or macOS device to another. It has three receiving modes: in "Contacts Only" only people in the device's address book can connect, in "Everyone" any nearby device can connect, and in "Receiving Off" ("No One" on macOS) no connections can be made at all.
A matter of milliseconds
To determine whether a potential sender's device should connect to other nearby devices, AirDrop broadcasts Bluetooth advertisements that contain a partial (truncated) cryptographic hash of the sender's phone number and email address. If one of the truncated hashes matches a phone number or email address in the recipient device's address book, or if the recipient is set to receive from everyone, the two devices enter a mutual authentication handshake over Wi-Fi. During the handshake, the devices exchange the full SHA-256 hashes of their owners' phone numbers and email addresses.
A cryptographic hash cannot be inverted directly, but depending on how much entropy, or randomness, the plaintext has, the plaintext can often be recovered anyway. Attackers do this with a brute-force attack: they hash huge numbers of candidate guesses until one produces the sought-after digest. The less entropy in the plaintext, the fewer candidates there are to try, and the easier the hash is to crack.
A phone number has so little entropy that this cracking step is trivial: the hash can be looked up in milliseconds in a precomputed table containing the hashes of every possible phone number in the world. Many email addresses have more entropy, but they too can be cracked by hashing the billions of addresses exposed in database breaches over the past 20 years and comparing the results.
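The two cracking paths above, as an added worked example (not code from the researchers, from PrivateDrop or from Apple): it assumes each identifier is hashed as SHA-256 over its canonical string form and that the Bluetooth advertisement carries the first two bytes of that hash; both are illustrative assumptions, and the phone-number range and the "breach corpus" are constructed for the demo.

```python
import hashlib
import itertools
import math

# Added example. Assumptions (not taken from the page): identifiers are hashed
# as SHA-256 over their canonical string form, and the BLE advertisement
# carries the first 2 bytes of that hash.


def contact_hash(identifier: str) -> bytes:
    """Full SHA-256 of a contact identifier (phone number or email address)."""
    return hashlib.sha256(identifier.encode("utf-8")).digest()


def truncated_hash(identifier: str, nbytes: int = 2) -> bytes:
    """The short prefix a device would advertise over BLE (assumed 2 bytes)."""
    return contact_hash(identifier)[:nbytes]


def build_phone_table(prefix: str, free_digits: int) -> dict:
    """Precompute full hashes for every number 'prefix + free_digits decimal
    digits'. Scaled to a whole numbering plan (10 free digits, ~2^33
    candidates) this is a one-off job; afterwards each lookup is a dict access."""
    table = {}
    for tail in itertools.product("0123456789", repeat=free_digits):
        number = prefix + "".join(tail)
        table[contact_hash(number)] = number
    return table


def entropy_bits(candidate_count: int) -> float:
    """Entropy of an identifier drawn uniformly from a pool of that size."""
    return math.log2(candidate_count)


def crack_full(table: dict, digest: bytes):
    """Full hash from the Wi-Fi handshake: a single table lookup."""
    return table.get(digest)


def crack_truncated(table: dict, prefix: bytes) -> list:
    """Truncated hash from the advertisement: narrows the pool to the few
    numbers whose hash shares that prefix (collisions are expected)."""
    return sorted(number for digest, number in table.items()
                  if digest.startswith(prefix))


def crack_email(candidates, digest: bytes):
    """Dictionary attack: hash every address from a breach corpus and compare."""
    for email in candidates:
        if contact_hash(email) == digest:
            return email
    return None


if __name__ == "__main__":
    table = build_phone_table("+1555", 4)          # 10,000 constructed numbers
    victim = "+15551234"
    print(f"{entropy_bits(len(table)):.1f} bits of entropy in this pool; "
          f"{entropy_bits(10**10):.1f} bits for a 10-digit numbering plan")
    print("full hash   ->", crack_full(table, contact_hash(victim)))
    print("2-byte hash ->", crack_truncated(table, truncated_hash(victim)))
    breach = ["alice@example.com", "bob@example.com", "carol@example.com"]  # constructed
    print("email       ->", crack_email(breach, contact_hash("bob@example.com")))
```

The truncated hash alone only narrows the search (several of the 10,000 numbers share the same two-byte prefix), which is why the full hash exchanged during the handshake is what pins the identifier down. Note also that a pool of 10^10 numbers is only about 33 bits of entropy, far below what a hash needs to resist precomputation.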
“This is an important finding because it allows attackers to freely get their hands on personal information of Apple users that can be misused in later steps for spear phishing attacks, scams, etc. or simply sold,” says Christian Weinert, one of the researchers at the Technical University of Darmstadt in Germany who discovered the vulnerabilities. “Who wouldn’t want to send a message directly to, say, Donald Trump on WhatsApp? All attackers need is a Wi-Fi-enabled device near their victim.”
Transmitter leakage vs. receiver leakage
In a paper presented at the USENIX Security Symposium in August, Weinert and researchers at TU Darmstadt’s SEEMOO lab describe two ways to exploit the vulnerabilities.
The simplest and most powerful method is for an attacker to passively monitor the discovery requests that nearby devices send. Because a sender device reveals its own hashed phone number and email address every time it scans for available AirDrop recipients, all the attacker has to do is wait for a nearby Mac to open the share menu or a nearby iOS device to open the share sheet. The attacker needs neither the target’s phone number nor email address nor any other prior knowledge.
A second method works in reverse. The attacker opens a share menu or share sheet and watches whether nearby devices respond with their own hashed details. This technique is less powerful than the first, because it only works if the attacker’s own phone number or email address is already in the recipient’s address book.
Still, it can be useful when the attacker is someone whose phone number or email address is known to many people. A manager, for example, could use it to obtain the phone number or email address of any employee who has stored the manager’s contact details in their address book.
In an email, Weinert wrote:
What we call “sender leakage” (someone planning to share a file leaks their hashed contact IDs) can be exploited by placing “bugs” (tiny Wi-Fi devices) in public hotspots or other places of interest.
Suppose you plant such a bug in a meeting room or at an event where politicians, celebrities or other ‘VIPs’ gather (e.g. the Oscar Awards). As soon as one of them opens the share [sheet] on an Apple device, you can get your hands on their private cell phone number.
From a reporter’s perspective, a scenario for what we call “receiver leakage”: say you interacted with a celebrity via email to cover a story. If the celebrity has saved your email address, you can easily find out their private cell phone number when you are around (during an interview, for example). In this case the celebrity [doesn’t] even need to open the panel or otherwise touch their device!
Two years of silence from Apple
The researchers say they privately notified Apple of their findings in May 2019. A year and a half later, they presented Apple with “PrivateDrop”, a reworked AirDrop they developed that uses private set intersection, a cryptographic technique that lets two parties carry out the contact discovery process without exchanging the vulnerable hashes. The PrivateDrop implementation is publicly available on GitHub.
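To show what "discovery without exchanging the hashes" means in practice, here is an added example of a textbook Diffie-Hellman-based private set intersection between two devices. It is not PrivateDrop’s own protocol or code (the page gives no parameters for it), and it runs in a toy group, the integers modulo the Mersenne prime 2^127 - 1, chosen only for readability; a deployment would use a standard large prime-order group or elliptic curve. The identifiers are constructed sample data.

```python
import hashlib
import secrets

# Added example: classic DH-based PSI, not PrivateDrop's protocol. Toy group:
# integers mod the Mersenne prime 2^127-1 (demo only, not a deployment choice).
P = 2**127 - 1


def to_group(identifier: str) -> int:
    """Hash a contact identifier to a group element in 1..P-1."""
    digest = hashlib.sha256(identifier.encode("utf-8")).digest()
    return int.from_bytes(digest, "big") % (P - 1) + 1


class Device:
    """One AirDrop party holding a contact list and a private exponent."""

    def __init__(self, identifiers):
        self.identifiers = list(identifiers)
        self.secret = secrets.randbelow(P - 2) + 1   # never leaves the device

    def blind_own(self) -> list:
        """Round 1 message: H(x)^s for each own identifier. Without s this
        cannot be brute-forced the way a bare hash of a phone number can."""
        return [pow(to_group(x), self.secret, P) for x in self.identifiers]

    def blind_peer(self, peer_blinded: list) -> list:
        """Round 2 message: raise the peer's blinded values to own secret,
        keeping their order so the peer can map results back to its list."""
        return [pow(v, self.secret, P) for v in peer_blinded]

    def intersect(self, own_double_blinded: list, peer_double_blinded: list) -> list:
        """H(x)^(ab) == H(y)^(ba) exactly when x == y, so matching the two
        double-blinded lists reveals which own identifiers the peer also has,
        and nothing about the peer's non-matching entries."""
        peer_values = set(peer_double_blinded)
        return sorted(x for x, v in zip(self.identifiers, own_double_blinded)
                      if v in peer_values)


def run_psi(a_ids, b_ids):
    """Simulate both devices and return what each learns."""
    alice, bob = Device(a_ids), Device(b_ids)
    # Round 1: each side sends its own blinded identifiers.
    a_msg1 = alice.blind_own()                  # H(x)^a  for Alice's x
    b_msg1 = bob.blind_own()                    # H(y)^b  for Bob's y
    # Round 2: each side returns the other's values raised to its own secret.
    a_msg2 = alice.blind_peer(b_msg1)           # H(y)^(ba), sent to Bob
    b_msg2 = bob.blind_peer(a_msg1)             # H(x)^(ab), sent to Alice
    # Each side intersects its own double-blinded list with the peer's.
    alice_learns = alice.intersect(b_msg2, a_msg2)
    bob_learns = bob.intersect(a_msg2, b_msg2)
    return alice_learns, bob_learns


if __name__ == "__main__":
    alice_contacts = ["+15551234", "alice@example.com"]        # constructed
    bob_contacts = ["+15551234", "bob@example.com"]            # constructed
    print(run_psi(alice_contacts, bob_contacts))
```

Compare this with the AirDrop exchange described above: what crosses the air here is H(x) raised to a secret exponent, so a passive listener has nothing to look up in a precomputed phone-number table, and each device only learns the identifiers it already holds in common with the other.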
“Our prototype implementation of PrivateDrop on iOS/macOS demonstrates that our privacy-friendly mutual authentication approach is efficient enough to maintain AirDrop’s exemplary user experience with an authentication delay of over a second,” the researchers wrote in a post summarizing their work.
As of this week, Apple has not said whether it plans to adopt PrivateDrop or address the vulnerability by other means. Apple representatives did not respond to an email requesting comment for this article.
What this means is that every time someone opens a share sheet in macOS or iOS, they leak hashes that reveal at least their phone number and probably their email address as well. And in some cases, simply having AirDrop enabled is enough to leak those details.
Weinert said the only way to avoid the leak for now is to set AirDrop discovery to “Receiving Off” (“No One” on macOS) in the system settings and also refrain from opening the share sheet. For someone using AirDrop at home or in another trusted environment, that advice may be more than is needed; it makes more sense when using a device at a conference or other public venue.