Apple’s AirDrop and password sharing features can leak iPhone numbers

by
Dan Goodin
from Ars Technica - All content on (#4MCGM)
iPhone-XR-front-screen-on-800x534-800x53

Enlarge (credit: Valentina Palladino)

Apple makes it easy for people to locate lost iPhones, share Wi-Fi passwords, and use AirDrop to send files to other nearby devices. A recently published report demonstrates how snoops can capitalize on these features to scoop up a wealth of potentially sensitive data that in some cases includes phone numbers.

Simply having Bluetooth turned on broadcasts a host of device details, including its name, whether it's in use, if Wi-Fi is turned on, the OS version it's running, and information about the battery. More concerning: using AirDrop or Wi-Fi password sharing broadcasts a partial cryptographic hash that can easily be converted into an iPhone's complete phone number. The information-which in the case of a Mac also includes a static MAC address that can be used as a unique identifier-is sent in Bluetooth Low Energy packets.

The information disclosed may not be a big deal in many settings, such as work places where everyone knows everyone anyway. The exposure may be creepier in public places, such as a subway, a bar, or a department store, where anyone with some low-cost hardware and a little know-how can collect the details of all Apple devices that have BLE turned on. The data could also be a boon to companies that track customers as they move through retail outlets.

Read 6 remaining paragraphs | Comments

index?i=vnYI-TTKrJE:SBZAY61j2QA:V_sGLiPB index?i=vnYI-TTKrJE:SBZAY61j2QA:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments