Apple's AirDrop & Wi-Fi Password Sharing Features Pose Serious Security Threat

Apple devices such as the iPhone and Mac support AirDrop and Wi-Fi password sharing. However, according to security organization Hexway, these technologies can broadcast partially encrypted (SHA256) hashes that can be used to obtain details such as the phone number of the iPhone or the static MAC address of the Mac, and anyone with a laptop and scanning software can do this.

The essence of the issue is the packets that devices send via Bluetooth Low Energy (BLE), which convey data such as name, operating system version, battery status, etc. This is generally harmless and essential, but it may be used by some hackers to monitor individuals or launch more severe attacks. They can also send their own BLE requests and masquerade as devices like AirPods, or force the target hardware to share Wi-Fi passwords.

The security vulnerability appears in iOS 10.3.1 and all later versions, though products prior to the iPhone 6s only sent a limited number of messages instead of continuous streams. In any case, the only way to eliminate the threat is to turn off Bluetooth. Because many accessories, such as headphones or the Apple Watch, require Bluetooth, that may not be worth it, so you may just want to disable AirDrop or set it to "Contacts Only."

