Apple makes it easy for people who want to locate their lost iPhones, share Wifi passwords and use AirDrop to send files to other nearby devices. A recently published report showed how snoops can capitalize on these features in order to gather potentially sensitive data that in some cases includes phone numbers. We all know that Apple devices cost a small fortune but one of the biggest advantages of its system is to seamlessly share files between devices with the help of Apple Airdrop.
But it feels like this end-to-end encryption is also now compromised. If you’ve got Bluetooth enabled and use Apple AirDrop or share your wifi passwords, anyone with a bit of hacking knowledge can nab your actual phone number. Apple’s one of the most famous saying is ‘What happens on your iPhone, stays on your iPhone,’ but in this case, it seems missing. Sharing features unavoidably require devices to well share information.
AirDrop and wifi password sharing broadcasts a partial SHA256 hash to all devices in your vicinity every time you hit share. It means that next time you try to AirDrop a cursed photo of say, live-action Sonic the Hedgehog, to your fellow bleary-eyed commuters on the train, you would also be broadcasting your actual phone number to anyone smart enough to scoop it up. On the same time, password sharing includes partial hashes of not only your phone number but also your AppleID and email. You can see it in action in the video below.
Hexway, the cybersecurity researchers have written the initial report, the scripts also included in the white paper. Ars Technica, which initially spotted Hexway’s report, noted a researcher used Hexway’s scripts to then scoop up details of over a dozen iPhones and Apple Watches in a bar in just a minute or two. The results, however, is not surprising but it’s not exactly comforting either.
Hexway’s report includes proof-of-concept software that demonstrates the information broadcast. Errata Security CEO Rob Graham installed the proof-of-concept on a laptop that was equipped with a wireless packet sniffer dongle. And within less than a minute or two he captured details of more than a dozen iPhones and Apple Watches that were within radio range of the bar where he was working.
The disclosure of information might not be serious news, such as workplaces where everyone knows everyone anyway. But the exposure of news may get creepier when you are in a public place or anywhere outside, Like the subway, a bar, or a department store, where anyone with some low-cost hardware and a little know-how can collect the details of all Apple devices that have BLE turned on. The data could also damage the companies that track customers as they move through retail outlets.