Apple AirDrop shares more than files
ATHENE researchers discover significant privacy leak in Apple's file-sharing service
ATHENE researchers from TU Darmstadt have discovered that Apple users can not only share files with each other using AirDrop. Rather, uninvited persons can also access data. The resarchers developed a solution that could replace the insecure AirDrop. Apple was informed about the privacy gap, but has not yet closed it.
Pictures, presentations, or videos – for users of iPhones and macBooks it is extremely comfortable to share files via AirDrop, a service that enables the direct transfer of data between Apple devices. As sensitive data is typically exclusively shared with people who users already know, AirDrop only shows receiver devices from address book contacts by default. To determine whether the other party is a contact, AirDrop uses a mutual authentication mechanism that compares a user's phone number and email address with entries in the other user's address book.
The research groups led by ATHENE researchers Prof. Matthias Hollick and Prof. Thomas Schneider have examined this procedure more closely and found a serious data protection problem.
As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.
The discovered problems are rooted in Apple's use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. The fact that exchanging hashed phone numbers is insecure, as they can be quickly calculated back using brute force attacks, for example, was already proven by the researchers a few months ago (message from TU Darmstadt).
The research team also developed a solution named “PrivateDrop” to replace the flawed original AirDrop design. PrivateDrop is based on optimized cryptographic private set intersection protocols that can securely perform the contact discovery process between two users without exchanging vulnerable hash values. The researchers' iOS/macOS implementation of PrivateDrop shows that it is efficient enough to preserve AirDrop's exemplary user experience with an authentication delay well below one second.
The researchers informed Apple about the privacy vulnerability already in May 2019 via responsible disclosure. So far, Apple has neither acknowledged the problem nor indicated that they are working on a solution. This means that the users of more than 1.5 billion Apple devices are still vulnerable to the outlined privacy attacks. Users can only protect themselves by disabling AirDrop discovery in the system settings and by refraining from opening the sharing menu.
The research results were published in the scientific article"PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop" which will be presented at the renowned USENIX Security Symposium in August.show all news