AirDrop's Convenient Functionality Tainted by Potential Privacy Issue at Apple
A recently published report by Hexway, a cybersecurity firm, has highlighted a potential privacy issue within Apple's ecosystem. This issue, discovered by Google's Project Zero, centres around the sharing features of Apple devices, such as AirDrop and wifi password sharing.
When you hit the share button on AirDrop, your device broadcasts a partial SHA256 hash to nearby devices. This hash, while intended to protect customer privacy, could potentially reveal a user's actual phone number. Similarly, password sharing on Apple devices also broadcasts partial hashes of a user's phone number, AppleID, and email.
Convenience often comes at the cost of privacy, as demonstrated by this issue. If the privacy concerns this issue raises bother you, it's easily avoidable. Turning off AirDrop and not sharing wifi passwords in untrusted environments can help prevent this privacy issue. Disabling Bluetooth on your phone is currently the only known method to avoid this issue in public places.
The cybersecurity firm that published the initial report about zero-interaction security vulnerabilities in iOS is Meta. They warned about these vulnerabilities affecting WhatsApp on iOS and macOS, including the zero-click exploits.
Gizmodo reached out to Apple for comment about the issue and potential plans to address it, but no response has been received yet. The video below demonstrates this privacy issue in action.
It's important to note that Apple's claim, "What happens on your iPhone, stays on your iPhone", may not hold true in this case due to the broadcasting of hashes during sharing. Apple using partial hashes is an attempt to protect customer privacy, but the sharing features of its devices inherently require the sharing of personal data.
This privacy issue could potentially expose sensitive information to anyone with the necessary knowledge. Hexway, the researchers who wrote the initial report, included scripts in their white paper to help understand the issue better.
In conclusion, while Apple's devices are known for their privacy features, this issue serves as a reminder that privacy concerns can arise from the most unexpected places, even from features designed for convenience. Stay vigilant and take the necessary precautions to protect your privacy.
