Apple's AirDrop vulnerability exposes users' phone numbers and emails to hackers

Time: 03/Apr By: kenglenn 614 Views

Cybersecurity
April 27, 2021 - 4:08 pm

The alarm comes from researchers at the University of Darmstadt, and there is no way to defend yourself except by deactivating the function. Alerted two years ago, Apple has not yet intervened

by Alessandro Vinci


AirDrop, the Apple ecosystem technology for exchanging files and documents wirelessly between Apple devices, has a flaw that lets potential hackers steal private information in a few thousandths of a second. The alarm comes from researchers in the Computer Science department of the Technical University of Darmstadt, Germany, who in a report published Wednesday warned users of the cybersecurity risks associated with the function. The problem, they explain, originates in the "mutual authentication mechanism" that the system uses to "determine if the other party is a contact". When two devices connect via AirDrop, they compare in the background "the user's phone number and email address with the entries in the other user's address book". This is of course done in encrypted form, but according to the experts the hashing technique used by Apple (that is, the conversion of the exchanged information into an anonymous character sequence) is not sufficient to guarantee privacy.

Constant danger

More specifically, the problem would lie not so much in the protection adopted by Cupertino (of the SHA-256 type) as in the lack of an additional level of security. Criminals in possession of specific software would in fact be able to invert the values in the blink of an eye through "simple techniques such as brute-force attacks" capable of deciphering the key used by trying all possible combinations. This means that anyone with AirDrop running is constantly vulnerable. As the report explains, all that a potential hacker would need to get at other people's information is "a Wi-Fi device and the physical proximity of the target to start the discovery process by opening the sharing panel on iOS or macOS". In practice, this is no different from the technique used by those who use AirDrop to send obscene images to strangers in the vicinity (digital harassment known as "cyber flashing").
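Why SHA-256 alone does not anonymize a phone number, as an added example that is not from the article or the researchers' report: it recovers a constructed, fictional number from its digest by enumeration, then estimates how long a full-length number space takes at this machine's measured hash rate. The number format, the prefix and the plain unsalted digest are assumptions made for illustration; the article does not describe AirDrop's exact hash format.

```python
import hashlib
import time

def digest(identifier: str) -> str:
    """Unsalted SHA-256 of an identifier, hex-encoded."""
    return hashlib.sha256(identifier.encode("ascii")).hexdigest()

def recover(target: str, prefix: str, suffix_digits: int):
    """Enumerate every number sharing `prefix` and return the one whose
    digest equals `target`, or None if it lies outside the range."""
    for n in range(10 ** suffix_digits):
        candidate = f"{prefix}{n:0{suffix_digits}d}"
        if digest(candidate) == target:
            return candidate
    return None

def hashes_per_second(sample: int = 50_000) -> float:
    """Measure this machine's single-core SHA-256 rate on short inputs."""
    start = time.perf_counter()
    for n in range(sample):
        digest(f"{n:012d}")
    return sample / (time.perf_counter() - start)

def worst_case_seconds(unknown_digits: int, rate: float) -> float:
    """Time to hash every number with `unknown_digits` free digits."""
    return 10 ** unknown_digits / rate

# Constructed sample: a fictional number with only 4 unknown digits,
# chosen so the demonstration finishes almost instantly.
SAMPLE_PREFIX = "+1555010"
SAMPLE_NUMBER = SAMPLE_PREFIX + "4217"
SAMPLE_DIGEST = digest(SAMPLE_NUMBER)

if __name__ == "__main__":
    print("recovered:", recover(SAMPLE_DIGEST, SAMPLE_PREFIX, 4))
    rate = hashes_per_second()
    for digits in (7, 9, 10):
        secs = worst_case_seconds(digits, rate)
        print(f"{digits} unknown digits: about {secs:,.0f} s "
              f"at {rate:,.0f} hashes/s on one core")
```

The search space is bounded by the number format, not by the hash function, so a stronger digest would not change the result.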

How to defend yourself


What's worse is that the company, informed of the vulnerability by the German researchers as early as May 2019, has not yet lifted a finger to solve it: "So far, Apple has neither recognized the problem nor indicated that it is working on a solution," the report reads. "This means that users of over 1.5 billion Apple devices are still vulnerable to this attack". To avoid any risk, it is therefore advisable to intervene at the root and deactivate AirDrop by selecting "Reception not active" in the relevant menu (which also includes the default options "Contacts only" and "All"). Since the operation is reversible, the function can be restored at any time if needed, preferably away from public places.

April 27, 2021 (updated April 27, 2021 | 16:10) © REPRODUCTION RESERVED
