Apple cybersecurity flaw: the AirDrop app could have put the data of millions of users at risk

March 9, 2022

Cybersecurity has played a weak role during the month of April. This time, security researchers at the Technische Universitat Darmstadt in Germany have warned that there is a possibility that Apple's AirDrop app is sharing unwanted company files between users.

How is this leak possible? With just the phone number, the email of a person who is registered in AirDrop and a computer with internet, you can open the app panel to exchange information on iOS or macOS devices.

The problem originates from AirDrop's "Contacts Only" option, since the researchers comment that to identify if an application user is in their address book, a mutual authentication mechanism is used to make a reference to the phone number. and the email of the individual in the contact list.

Even though Apple is employing encryption for data exchange, this security can easily be cracked through brute force hacking.

In some cases, security flaws can become a weak point for companies because numerous private information about users can come to light, see a clear example such as Facebook. However, security researchers frequently find vulnerabilities that end up being fixed to prevent these leaks.

Apple's reaction


Cybercriminals have only published a small part of the millions of stolen data. They leak all the data of the cyberattack on Phone House, with 13 million affected customers Apple was already aware of this security flaw since 2019, on the contrary, researchers from the Technische Universitat Darmstadt state that “the brand has not recognized the problem nor has it indicated that They are working on a solution.” This means that several Apple devices are vulnerable to this failure. On the other hand, the brand was presented with a solution called ''PrivateDrop'' based on cryptographic protocols to avoid these drawbacks.

Recommendations

If you are an Apple user and especially an AirDrop user, try disabling this application in 'System Settings' in order to refrain from opening the panel in the case of file sharing.


For more information on this and other topics
you can send us a message

contact us