What you need to know
- A new AirDrop vulnerability can let malicious third parties acquire critical information.
- Among some of the info they can get are phone numbers and Wi-Fi passwords.
- About the only defense against this is turning off Bluetooth.
A newly discovered AirDrop security flaw can let anyone with a computer and the right software access critical information such as phone numbers and Wi-Fi passwords. The Hexway report, first spotted by Ars Technica, says users just have to have Bluetooth turned on broadcast to fall prey to the vulnerability.
Simply having Bluetooth turned on broadcasts a host of device details, including its name, whether it's in use, if Wi-Fi is turned on, the OS version it's running, and information about the battery. More concerning: using AirDrop or Wi-Fi password sharing broadcasts a partial cryptographic hash that can easily be converted into an iPhone's complete phone number. The information—which in the case of a Mac also includes a static MAC address that can be used as a unique identifier—is sent in Bluetooth Low Energy packets.
There's also a video showing the vulnerability in action. It's a fairly simple process for malicious third parties. With a proof-of-concept trial, the report was able to gather dozens of iPhones and Apple Watches within range. All that was needed was a computer and sniffer dongle.
In general, the information being acquired isn't as important as say, social security numbers or bank information. However, it is still important information that users don't want to be sharing around, especially if third parties can weaponize them to gather more information about you.
Hexway calls this issue more of a "behavior" than a "vulnerability" as it is baked into iOS. About the only security measure you can take against this flaw is turning off Bluetooth entirely.
We may earn a commission for purchases using our links. Learn more.
Apple says its offices in the US will not fully reopen until at least 2021
According to a report from Bloomberg, Apple is planning for its office and many of its retail workers to remain remote for the rest of the year.
Review: The Oak Hollow Aloria Series Office Chair is comfy and customizable
To maximize your productivity, you need a comfortable, ergonomic office chair. Consider Oak Hollow Furniture's multi-adjustable Aloria Series Office Chair, designed for comfort.
Let's talk iOS 14 public betas, AirPods, and technostalgia
It's been a busy week with Apple releasing public betas for iOS 14, iPadOS 14, and tvOS 14. We also talk about the AirPods design rumors and more.
Don't worry about dropping your MacBook Pro with these cases
Buying an Apple laptop is a big investment. When you've paid out for a MacBook, you may as well splash out a little more for some decent protection. If you're worried about dings, dents, and cracks in your MacBook Pro, check out these rugged cases.