Apple's AirDrop is Randy Spears Archivesundeniably convenient for sending photos, videos, links, and more between iPhones, iPads, and Macs. But there's one thing you probably didn't know AirDrop's sharing: part of your phone number, which in the wrong hands, could be used to recover your full digits.
Security researchers at Hexway (via Ars Technica) have discovered a "flaw" in AirDrop that can used to obtain unsuspecting iPhone users' phone numbers using software installed on a laptop and a Bluetooth and WiFi adapter to sniff them out.
Because of the way AirDrop works — it uses Bluetooth LE (Low Energy) to create a peer-to-peer WiFi network between devices for sharing — it broadcasts partial hashesof an iPhone user's phone number in order establish the device as a sending/receiving contact when sending a file.
SEE ALSO: 9 hidden iOS 13 features you need to know aboutMore serious is if you use Apple's WiFi password sharing feature, you're exposing hashed parts of your phone number, but also your Apple ID and email address.
Now, although AirDrop's only beaming partial hashes – a.k.a. some numbers and letters that have been scrambled (Hexway says only the "first 3 bytes of the hashes" are broadcast) — the researchers concluded that there's "enough to identify your phone number" if somebody really wanted to do it.
The researchers shared one scenario in which a hacker could secretly sniff out iPhone users' phone numbers:
- Create a database of SHA256(phone_number):phone_number for their region; e.g., for Los Angeles it’s: (+1-213-xxx-xxxx, +1-310-xxx-xxxx, +1-323-xxx-xxxx, +1-424-xxx-xxxx, +1-562-xxx-xxxx, +1-626-xxx-xxxx, +1-747-xxx-xxxx, +1-818-xxx-xxxx, +1-818-xxx-xxxx)
- Run a special script on the laptop and take a subway train
- When somebody attempts to use AirDrop, get the sender’s phone number hash
- Recover the phone number from the hash
- Contact the user in iMessage; the name can be obtained using TrueCaller or from the device name, as it often contains a name, e.g., John’s iPhone).
Errata Security CEO Rob Graham confirmed to Ars Technica Hexway's software, shared to GitHub, does indeed work. "It’s not too bad, but it’s still kind of creepy that people can get the status information, and getting the phone number is bad."
Scary as this "flaw" appears, it's very unlikely anyone will go through these lengths to recover your phone number. Hexway's researchers even admit that the partially-shared — and we can't stress this enough — information is a necessity to how AirDrop works.
"This behavior is more a feature of the work of the ecosystem than vulnerability," reports Hexway. The researchers further explained that they've "detected this behavior in the iOS versions starting from 10.3.1 (including iOS 13 beta)."
Scary as this "flaw" appears, it's very unlikely anyone will go through these lengths to recover your phone number.
Older iPhones, pre-iPhone 6S, however, appear to be safe based on their findings.
"Old devices (like all before iPhone 6s) are not sending Bluetooth LE messages continuously even if they have updated OS version," reports Hexway. "They send only limited number of messages (for example when you navigate to the Wi-Fi settings menu) probably Apple does that to save battery power on an old devices."
So, how can you stop potential snoopers from sniffing your Bluetooth information out? Turn off Bluetooth. Yes, that means you won't be able to connect AirPods or an Apple Watch to your iPhone, but if that's what will help you sleep at night, then it's the only option.
We've reached out to Apple for comment on Hexway's security findings and will update this story if we receive a response.
Topics Apple Cybersecurity iPhone Privacy
Every MCU movie villain ranked, from "Iron Man" to "Thunderbolts*"
Twitch streamer Ninja shares cancer diagnosis
Trump to allow imports of elephant trophies on 'case
'Godzilla x Kong: The New Empire' review: Do the puny humans spoil the fun again?
Best earbuds deal: Save 20% on Soundcore Sport X20 by Anker
'3 Body Problem' showrunners on what the San
Twitch streamer Ninja shares cancer diagnosis
Best Apple Vision Pro deal: Save $200 on a new unit at Woot! for a limited time
Astronomers saw one galaxy impale another. The damage was an eye
Best smart thermostat deal: Save $5 on a refurbished Amazon Smart Thermostat at Woot!
Shop the Google Pixel Pro 9 for $200 off at Amazon
UK crypto regulations: Meme ads from 'finfluencers' can't be misleading, FCA warns
The Facebook 'Poke' is being revived by Gen Z
Pornhub could soon ban Florida as well
Amazon Prime Grubhub deal: Save $10 off orders of $20 or more
Here are the last things Stephen Hawking wrote on Reddit
'3 Body Problem' showrunners on what the San
#rateaspecies is basically Yelp reviews for zoo animals
#rateaspecies is basically Yelp reviews for zoo animals
Apple confirms WWDC 2024 will start on June 10
James Salter's Acceptance Speech by James SalterThe Future of Toilet Art Is in Japan10 best websites for dog ownersLetters of a Nerd: William Carlos Williams Writes to His MomEvelyn Waugh on the Modernists: “Great Rot”33 best horror movies on Prime Video to keep you up at nightYouTuber MrBeast goes pro with Charlotte Hornets jersey sponsorshipPrime Day Echo Show deal: Save on Echo Show 10, moreRamon Todo‘s Glass Books: Good for Looking, Not for ReadingSeptember SongSeptember SongItalo Calvino Loved Arriving Late at the Movies—Good on HimEveryone Loves a Citation Scandal, Right?On Hating—and Then Loving—The Little PrinceFrench Frames: Golden, Gilt, GrandioseTesla launches upgraded Model Y in ChinaRoland Barthes Foresees the Rise of TrumpJoseph Roth: All Publishers Are Bad BusinessmenTaking Apart the Glitz and Glamour of Modern WebsitesWordle today: Here's the answer and hints for October 1 Family trip to the safari park takes a sudden turn for the worse New artificial intelligence technique could erase fear from your brain 'Fantastic Beasts' can't conjure 'Harry Potter' magic at the box office Ninjas in Pyjamas beat SK Gaming to win 'CS:GO' champinoship 'Gilmore Girls': 10 modern Americans are now fighting over where Melania and Barron Trump will live Mike Pence tries to end the 'Hamilton' drama while Trump stokes the flames Uber taps the big fat Indian wedding season Trump tweeted about 'Hamilton' again and then deleted it Kanye West goes on a rant and ends his concert early in Sacramento Be careful, there's a fake Google out there Partying gets dangerous as teens Snapchat balcony hopping Strangers step in after woman unleashes racist rant on bus Google's AI Mode search tool gets a voice Selena Gomez caps off AMA win with emotional speech: 'You don't have to stay broken' PepsiCo India taps social media to hire millennials Sound guy leveled by Minnesota Vikings is a metaphor for 2016 Instagram makes live video official as it turns up the heat on Snapchat 15 facts about Nigel Farage, Trump's BFF across the pond 30 gift ideas for people who hate to cook
2.5796s , 10133.4765625 kb
Copyright © 2025 Powered by 【Randy Spears Archives】,Miracle Information Network