Apple's AirDrop feature has reportedly been cracked by a Chinese state-backed institution, allowing authorities to identify senders who share "undesirable content" over the peer-to-peer wireless protocol (via Bloomberg).
AirDrop is Apple's ad-hoc service that lets users discover nearby Macs and iOS devices and securely transfer files between them over Wi-Fi and Bluetooth. Users can send and receive photos, videos, documents, contacts, passwords and anything else that can be transferred from a Share Sheet.
Apple advertises the protocol as secure because the wireless connection uses Transport Layer Security (TLS) encryption, but the Beijing Municipal Bureau of Justice (BMBJ) says it has devised a way to bypass the protocol's encryption and reveal identifying information.
According to the BMBJ's website, iPhone device logs were analyzed to create a "rainbow table" which allowed investigators to convert hidden hash values into the original text and correlate the phone numbers and email accounts of AirDrop content senders.
The "technological breakthrough" has successfully helped the public security authorities identify a number of criminal suspects, who use the AirDrop function to spread illegal content, the BMBJ added.
"It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences," the bureau added.
It is not known if the security flaw in the AirDrop protocol has been exploited by a government agency before now, but it is not the first time a flaw has been discovered. In April 2021, German researchers found that the mutual authentication mechanism that confirms both the receiver and sender are on each other's address book could be used to expose private information. According to the researchers, Apple was informed of the flaw in May of 2019, but did not fix it.
Apple limited the use of the AirDrop on devices in China in November 2022, after anti-government activists used the function to spread political leaflets. AirDrop became restricted by default to Contacts Only, and the option to turn on AirDrop for "Everyone" was limited to 10 minutes.
With the launch of iOS 16.2, Apple expanded the AirDrop limitation it introduced in China to all users globally, but Apple said that the feature was actually introduced in an effort to cut down on spam content spread in crowded areas like malls and airports.
Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.
