What you need to know
- A new AirDrop vulnerability can let malicious third parties acquire critical information.
- The information they can get includes phone numbers and Wi-Fi passwords.
- About the only defense against this is turning off Bluetooth.
A newly discovered AirDrop security flaw can let anyone with a computer and the right software access critical information such as phone numbers and Wi-Fi passwords. The Hexway report, first spotted by Ars Technica, says users just have to have Bluetooth turned on and broadcasting to fall prey to the vulnerability.
There's also a video showing the vulnerability in action. It's a fairly simple process for malicious third parties. In a proof-of-concept trial, the report's authors were able to pick up dozens of iPhones and Apple Watches within range. All that was needed was a computer and a sniffer dongle.
In general, the information being acquired isn't as important as, say, Social Security numbers or bank information. However, it is still important information that users don't want to be sharing around, especially if third parties can weaponize it to gather more information about you.
Hexway calls this issue more of a "behavior" than a "vulnerability" as it is baked into iOS. About the only security measure you can take against this flaw is turning off Bluetooth entirely.
Wow, the floodgates are open for sure at Apple. Vulnerability after vulnerability. So much for "we work for your security and privacy." Smoke and mirrors, people. Reality distortion field.
Yes, you hear about the iOS ones (which Apple fixes pretty quickly), but never all the Android ones there are… 🤔