Apple's AirDrop is cerita lucah akakundeniably convenient for sending photos, videos, links, and more between iPhones, iPads, and Macs. But there's one thing you probably didn't know AirDrop's sharing: part of your phone number, which in the wrong hands, could be used to recover your full digits.
Security researchers at Hexway (via Ars Technica) have discovered a "flaw" in AirDrop that can used to obtain unsuspecting iPhone users' phone numbers using software installed on a laptop and a Bluetooth and WiFi adapter to sniff them out.
Because of the way AirDrop works — it uses Bluetooth LE (Low Energy) to create a peer-to-peer WiFi network between devices for sharing — it broadcasts partial hashesof an iPhone user's phone number in order establish the device as a sending/receiving contact when sending a file.
SEE ALSO: 9 hidden iOS 13 features you need to know aboutMore serious is if you use Apple's WiFi password sharing feature, you're exposing hashed parts of your phone number, but also your Apple ID and email address.
Now, although AirDrop's only beaming partial hashes – a.k.a. some numbers and letters that have been scrambled (Hexway says only the "first 3 bytes of the hashes" are broadcast) — the researchers concluded that there's "enough to identify your phone number" if somebody really wanted to do it.
The researchers shared one scenario in which a hacker could secretly sniff out iPhone users' phone numbers:
- Create a database of SHA256(phone_number):phone_number for their region; e.g., for Los Angeles it’s: (+1-213-xxx-xxxx, +1-310-xxx-xxxx, +1-323-xxx-xxxx, +1-424-xxx-xxxx, +1-562-xxx-xxxx, +1-626-xxx-xxxx, +1-747-xxx-xxxx, +1-818-xxx-xxxx, +1-818-xxx-xxxx)
- Run a special script on the laptop and take a subway train
- When somebody attempts to use AirDrop, get the sender’s phone number hash
- Recover the phone number from the hash
- Contact the user in iMessage; the name can be obtained using TrueCaller or from the device name, as it often contains a name, e.g., John’s iPhone).
Errata Security CEO Rob Graham confirmed to Ars Technica Hexway's software, shared to GitHub, does indeed work. "It’s not too bad, but it’s still kind of creepy that people can get the status information, and getting the phone number is bad."
Scary as this "flaw" appears, it's very unlikely anyone will go through these lengths to recover your phone number. Hexway's researchers even admit that the partially-shared — and we can't stress this enough — information is a necessity to how AirDrop works.
"This behavior is more a feature of the work of the ecosystem than vulnerability," reports Hexway. The researchers further explained that they've "detected this behavior in the iOS versions starting from 10.3.1 (including iOS 13 beta)."
Scary as this "flaw" appears, it's very unlikely anyone will go through these lengths to recover your phone number.
Older iPhones, pre-iPhone 6S, however, appear to be safe based on their findings.
"Old devices (like all before iPhone 6s) are not sending Bluetooth LE messages continuously even if they have updated OS version," reports Hexway. "They send only limited number of messages (for example when you navigate to the Wi-Fi settings menu) probably Apple does that to save battery power on an old devices."
So, how can you stop potential snoopers from sniffing your Bluetooth information out? Turn off Bluetooth. Yes, that means you won't be able to connect AirPods or an Apple Watch to your iPhone, but if that's what will help you sleep at night, then it's the only option.
We've reached out to Apple for comment on Hexway's security findings and will update this story if we receive a response.
Topics Apple Cybersecurity iPhone Privacy
What's so special about a Stanley cup? A guide to conspicuous consumption on TikTok.
It's probably not aliens: 'Oumuamua theory suggests simpler origins
Online piano lessons bring high
What did critics think of 'Zach Snyder's Justice League'?
Датамайнер: в League of Legends добавят передвижение клавишами клавиатуры
Wikipedia wants to charge Google, Amazon, and Apple for using its content
Elon Musk is now the official 'Technoking' of Tesla, whatever that means
The 16 best tweets of the week, including stimmies, the plums meme, and illegal seafood
What Are the Best CCleaner Alternatives?
Netflix's 'Marriage or Mortgage' is glossy, binge
Wordle today: The answer and hints for December 11
The 'Trading Places' reference in 'Coming 2 America' is everything
Dictionary.com adds new words reflecting online activism and work
The pandemic pushed us deeper into the internet rabbit hole, and most of us can't keep track
В файлах CS2 нашли новое упоминание гранат
Teen behind the Bitcoin/Twitter hack sentenced to 3 years in prison
The iPhone just got 'important security updates.' Download them.
Dictionary.com adds new words reflecting online activism and work
Google's former CEO: Companies shouldn't let climate concerns slow AI advances
How some indigenous communities have built their own internet
Huawei’s upcoming ADAS software to feature “endTencent responds to data leak concerns over WeChat File Transfer Assistant · TechNodeEVs overtake monthly gasoline car sales for first time in China · TechNodeMeituan set to enter Riyadh as early as September · TechNodeOver 70 apps test China’s new cyber ID system based on realNYT Connections hints and answers for May 23: Tips to solve 'Connections' #712.General Motors reduces workforce in China, mulls restructuring with partner · TechNodeOpenAI teams up with Apple's Jony Ive to make AINews/Media Alliance says Google’s AI Mode is 'theft'Spend $100 at Chewy, get a free $30 gift card — up to three times 'Starstruck' is a sweet, funny rom The giant heads of 'Mount Recyclemore' highlight the world's e Nintendo is opening its own museum so fans can explore its history Facebook's Bulletin newsletter service may launch in June OldOS app lets you turn your new iPhone into an ancient one 14 best tweets of the week, including autocorrect duck, Matt LeBlanc, and cicadas 6 personal finance podcasts that won't bore you to death President Biden drops Trump orders banning TikTok and WeChat Move over, TikTok. Paste Keyboard tops the App Store. Someone literally broke the internet
0.1509s , 9972.921875 kb
Copyright © 2025 Powered by 【cerita lucah akak】Enter to watch online.Researchers discover AirDrop is leaking part of your phone number,
