IPhone users should be careful: security analysts are now warning that there could be a serious impact on Apple’s popular AirDrop feature. Attackers can take advantage of a protocol error here to access user data.
Apple users can easily share files such as pictures or videos with each other wirelessly using the AirDrop feature. A new study However, TU Dormstad now shows that even uninvited guests can access user data via a weak point of the software.
Air Drop checks before transfer to ensure that files are shared only with contacts IPhones Or iPads, someone else’s cell phone number and email address and compares them with data stored in the contact book.
However, researchers have shown that attackers can use this method to access user data – even if they are not stored in contact with the user. The only thing attackers need is a Wi-Fi enabled device close to the victim.
Apple: The security gap in iPhones and company has been known for two years
When the stock menu opens on iPhones or iPods, the respective contact details are hashed – this confirms authentication on other devices with AirDrop. However, as researchers write, this is not enough protection for user data. Encrypted data can be re-counted by attackers in milliseconds and thus tapped.
According to security analysts, this security gap has been known at Apple for about two years – but it has not yet been closed and is still active on the latest versions of iOS and MacOS. According to analysts, unsecured hash value is basically possible without authentication, which is why they have developed their own, highly secure authentication protocol.
For now, users only have the option to completely block the air drop via the “Controls” item in the “Screen Time” menu. Getting via Air Drop is basically iOS and Co. May be turned off with, but when the stock menu is opened, contact details are still sent in this case.
“Avid writer. Subtly charming alcohol fanatic. Total twitter junkie. Coffee enthusiast. Proud gamer. Web aficionado. Music advocate. Zombie lover. Reader.”