'Significant' security flaw found in Apple's AirDrop
What you need to know
- German researchers say they've found a significant flaw in Apple's AirDrop security.
- They say a vulnerability could reveal user phone numbers and email addresses.
- The group also says it told Apple about the issue two years ago.
A group of researchers from the Technical University of Darmstadt say they've found a massive flaw in Apple's AirDrop technology that could expose user's email addresses and phone numbers when using devices like the iPhone 12.
In a press release this week the group stated:
The group says that investigations into Apple's mutual authentication mechanism, which AirDrop uses to determine whether another nearby iPhone is one of your contacts, unearthed a "severe privacy leak":
The group says it has already cooked up a more secure alternative and says it told Apple about the problem in May 2019 to no avail, with Apple neither acknowledging the problem nor stating it was working on a fix. The group plans to present its findings in August to the USENIX Security Symposium.
Get the best of iMore in your inbox, every day!
Stephen Warwick has written about Apple for five years at iMore and previously elsewhere. He covers all of iMore's latest breaking news regarding all of Apple's products and services, both hardware and software. Stephen has interviewed industry experts in a range of fields including finance, litigation, security, and more. He also specializes in curating and reviewing audio hardware and has experience beyond journalism in sound engineering, production, and design.
Before becoming a writer Stephen studied Ancient History at University and also worked at Apple for more than two years. Stephen is also a host on the iMore show, a weekly podcast recorded live that discusses the latest in breaking Apple news, as well as featuring fun trivia about all things Apple. Follow him on Twitter @stephenwarwick9
Yes, Apple has a distressing lack of interest in security.