The AirDrop Vulnerability What You Need to Know

Airdrop is known as the “most secure” operating system according to many experts, The Airdrop Vulnerability What You Need to Know  iOS and macOS may lose this title with the increase in security vulnerabilities. The latest discovery in AirDrop has revealed yet another security vulnerability. The Apple AirDrop feature is a data transfer method that users in the brand’s ecosystem use heavily. Because Apple users can exchange data between Mac computers and mobile devices such as iPhones, iPad, and iPods thanks to AirDrop, the scope of this data exchange is very wide; such that users can access photos, videos, documents, notes, websites, etc. can transfer a lot of information via AirDrop. When you add the speed of AirDrop, which uses Bluetooth and Wi-Fi technologies, it is not difficult to understand why the feature is so popular. The feature could be rosier. According to the news today, AirDrop has a significant vulnerability. This vulnerability affects 1.5 billion Apple devices and users. It threatens the privacy of important information, such as phone numbers. Here are the details of that vulnerability and what you need to protect your data. This vulnerability is not newly detected; it was detected in 2019 and forwarded to Apple. However, after almost two years, Apple still needs to take a step on the subject. The vulnerability reported today is closely related to the problem two years ago. So much so that the German researchers at Technische Universitat Darmstadt, who detected the vulnerability, report that a new one is added to the previously found gap.

According to German researchers, the vulnerability detected two years ago only threatened users’ phone numbers. The shortcoming found now is the kind that makes the size of the gap much larger. So much so that, due to this lack of an AirDrop feature, malicious people’s e-mail, phone numbers, etc., can access all your information. Worse still, it doesn’t matter which AirDrop option you use for this data theft to happen. Just click on AirDrop’s share option.

What is AirDrop

AirDrop is for more than just photos. You can use it to transfer almost anything you can share. For example, you can AirDrop the link to a movie/video. You can also transfer songs, videos, texts, etc., to someone else’s iPad or iPhone. You can airdrop. This feature can handle information like contact information and locations you pinned in Apple Maps.

How Does AirDrop Work

AirDrop uses Bluetooth and Wi-Fi technologies to create a direct, encrypted connection between two Apple devices to transfer files. When a user selects a file to share via AirDrop, the sending device broadcasts a Bluetooth signal to nearby devices. If the receiving device is within range and has AirDrop enabled, it responds to the signal and creates a direct Wi-Fi connection with the sending device. This connection is encrypted and peer-to-peer, meaning that the transfer occurs directly between the two devices and does not go through intermediate servers or networks. The file transfer occurs quickly and efficiently without needing an internet connection or additional setup. Once the connection is established, the sending device transfers the file to the receiving device via the direct Wi-Fi connection. The receiving device prompts the user to accept or reject the transfer; once the user accepts, the file is saved to the receiving device. Suppose you want to share a photo with a friend with an iPhone; you can open the Photos app, select the photo you want to share, and tap the share icon. From there, you can select your friend’s iPhone from the list of available AirDrop recipients, and your friend will receive a prompt to accept the file transfer. Once your friend accepts, the photo is transferred directly from your device to your friend’s device via the encrypted AirDrop connection.

Ways to Mitigate AirDrop Privacy Risks 

While AirDrop provides a convenient way to share files between Apple devices, it also poses certain privacy risks. Here are some ways to mitigate those risks:

Adjust AirDrop settings

To mitigate the privacy risks associated with AirDrop, users can adjust their AirDrop settings to limit who can send files to their devices. On iOS devices, for example, you can set AirDrop to receive files only from your contacts rather than from anyone within range. On a Mac, you can receive files only from your contacts or turn off AirDrop completely when you’re not using it.

Limit your device’s visibility

You can also limit it to others by turning off Bluetooth or Wi-Fi when you’re not using them. This will prevent others from being able to see your device and send files to it via AirDrop.

Only accept files from trusted sources

To prevent the transmission of malicious content, it’s important to only accept files from people you know and trust. If you receive an AirDrop request from someone you don’t know, you should reject the request.

Disable AirDrop when not in use

AirDrop should be enabled only when needed. You should turn it off when you’re not using AirDrop to prevent others from sending files to your device without your knowledge or permission.

Keep your device up to date

Keeping your Apple device up to date is important as it allows you to benefit from regular security updates that address vulnerabilities and enhance the overall security of your device. These updates are crucial in protecting your device against various security threats, including those that could impact AirDrop.

Use a Virtual Private Network (VPN)

To address concerns regarding the security of your AirDrop transfers, one effective approach is to use a VPN which can encrypt your internet traffic and safeguard your device from potential eavesdropping and privacy threats. By implementing such best practices and taking measures to secure your device, you can mitigate privacy risks related to Air Drop and take advantage of its benefits, such as secure file sharing between your Apple devices.

Read  Also:Non-Fungible Token (NFT) What It Means and How It Works

What are the reasons for the vulnerability

According to German scientists, two reasons make AirDrop unsafe. Both of these reasons are related to the verification process of the devices at the initial connection stage. The origin of the first problem is that Apple offers the “Contacts Only” option in AirDrop. For this option to work, AirDrop has to access the “Contacts” (contacts) information on both devices that transfer data. Using the “Contacts Only” option becomes the first step of the information verification process. When you use AirDrop with this option, the phone information on the two devices is compared to determine if you are in each other’s contacts. Of course, that means sharing this information. Although Apple encrypts this information with the SHA256 hash function, it only does a little.

The second reason for the vulnerability is related to Apple’s verification protocol. Even if you don’t use the “Contacts Only” option, AirDrop checks your contacts for verification. Because of this, Apple’s lack of encryption is plaguing us again. The critical point is that Apple shares between the two devices; in AWDL packages containing the personal data of both users. More precisely, in the form of sharing these packages. Because when the two-device verification process starts, Apple throws these packets in every direction within the Bluetooth connection instead of just sharing these between the two devices. This means that a third party can access your data. In short, if malicious data is shared close enough, it can reach that data. Of course, more than accessing this information is required. In addition, if he wants to access your personal information, this person must be able to bypass the encryption of these packets. Although this is something that only some can do, it is still possible. Finally, German researchers say they are still waiting to get a response from Apple despite reporting it twice. The researchers also forwarded the solution they developed to Apple called “Private Drop.”

Things to consider before using AirDrop.

Before you start using AirDrop, there are many factors to make it work perfectly. Some of these are listed below

• You must have Bluetooth and Wi-Fi enabled on both the sending and receiving devices.
• Both devices should be within a few meters of range.
• If you are going to AirDrop a file to another user, it must accept receiving files from users who are not in the contacts. This should be a priority if your Apple ID is outside the contact list.
• Note that you must be signed in with the same Apple ID on both computers if you want to share between devices of the same property.

Send passwords with AirDrop.

With the evolution of AirDrop, its features are no longer limited to documents or photos but can also be used to share passwords. This can be extremely useful if you want to share an account with another person and have them have their username and password. This can be done by simply entering the iCloud password keychain, clicking on the specific login, and doing a long click on the password or user. In the menu at the top, select Airdrop and you can share this password securely.

Conclusion 

AirDrop can be a valuable way of sharing information between compatible devices. The AirDrop Vulnerability What You Need to Know However, it should not be used to send sensitive information. There is a privacy vulnerability when using AirDrop as data sent through it is not encrypted, meaning third parties can potentially access it. It is important to ensure that both devices are within range and have Bluetooth and Wi-Fi enabled before sending any information. Additionally, users should avoid sending passwords via AirDrop as this could lead to those passwords being accessed by malicious actors.