AirDrop Vulnerability Exposed: China Claims to Track Senders

An organization collaborating with the Chinese government has reportedly exposed Apple’s AirDrop vulnerability. It is a feature facilitating file transfers between Mac and iOS devices.

The Beijing Municipal Bureau of Justice revealed that the Beijing Wangshendongjian Forensic Appraisal Institute was assigned the task of analyzing the device logs of phones submitted for inspection. During this analysis, forensic experts from the institute successfully cracked the AirDrop encryption, which safeguards the sender’s identity.

The bureau explained that inspection discovered certain fields related to the sender’s device name, email address, and mobile phone number. To quickly crack this field, the technical team created a detailed “rainbow table” of mobile phone numbers and email accounts. They also enable the conversion of ciphertext into plaintext and swiftly identifying the sender’s mobile phone number and email account.

AirDrop Vulnerability Exposed: China Claims to Track Senders

See Also: Apple Sales Witness Double Digit Decline in China – Why?

The bureau argued that such action was necessary due to citizens reporting instances where their iPhones received inappropriate content in the Beijing subway. The suspect allegedly used AirDrop to anonymously disseminate inappropriate information in public places. The bureau emphasized the challenge posed by AirDrop’s lack of reliance on an internet connection for delivery, making it difficult to monitor through conventional network monitoring methods.

Someone allegedly brought the reported flaw leading to the encryption breach to Apple’s attention in 2019. Thomas Schneider, a professor of computer science at Technische Universität Darmstadt, reported that TU Darmstadt researchers informed Apple about the flaw.

According to the institute’s research site, the exploit relies on “Apple’s insecure use of hash functions for ‘obfuscating’ contact identifiers in the AirDrop protocol execution,” which the university discovered and provided an open-source fix for in 2019.

It remains unclear whether Apple has addressed the AirDrop vulnerability. There has been no response from the company as of yet. Cryptography expert Matthew Green pointed out that fixing the flaw could have political implications between Apple and China.

Beijing authorities used the AirDrop exploit for criminal matters. Considering China’s history of aggressive hacking and intelligence collection, it has the potential to employ it for cyber espionage purposes. Last year, security agency heads from the U.S., Canada, the U.K., Australia, and New Zealand warned of the “unprecedented threat” posed by Chinese spying.

Check Also: Apple Supplier Shares Decline in Asia Amidst Barclays’ iPhone Downgrade