Since its initial release in July of 2011, Apple has faced mixed responses for the AirDrop feature that allows users to transfer photos and documents between nearby Macintosh computers and iOS devices over Wi-Fi and Bluetooth. Now Apple AirDrop security has come into question as users may be enabling strangers to learn their phone number.
Cybersecurity researchers at Hexway have discovered that AirDrop can be used to acquire part of your number through partial hashes broadcast through this peer-to-peer connection. Hashes are essentially a few bytes of your phone number and a few letters that can be deduced to a relatively small possible set of phone numbers. The problem is, this partial sequence of bytes can be compared to the area codes in the region to obtain the remaining digits.
According to an article on Mashable, “Scary as this ‘flaw’ appears, it’s very unlikely anyone will go through these lengths to recover your phone number. Hexway’s researchers even admit that the partially-shared—and we can’t stress this enough—information is a necessity to how AirDrop works.”
This isn’t to say, that it can’t happen to you. Hexway’s report includes a proof-of-concept software that Errata Security CEO Rob Graham installed to confirm the information broadcast. As a result, according to Ars Technica, “within a minute or two [Graham] captured details of more than a dozen iPhones and Apple Watches that were within radio range of the bar where he was working.” Confirming that it’s not too difficult for a stranger to also obtain those same details.
Although the relationship you have with your iOS device is give-and-take, you should still take some basic precautions. Not only can you prevent someone from harassing you via AirDrop, you’ll also ensure that you aren’t giving anyone you don’t know the opportunity to get your phone number or any other personal details.
So make sure your AirDrop privacy is set to “Contacts Only” when you are transmitting information between yourself and another known-user. You can also set to “Receiving Off” when you are in public spaces to avoid any unwanted file sharing to occur. Most importantly, watch your surroundings when you are transferring important information from your iOS device to those within range, so that a sneak-peek into your private details doesn’t allow a stranger to get your digits. Read more AirDrop Parental Controls here.
Apple AirDrop Can Leak Your Phone Number — Sources
Fast Company: Security Warning re: Apple AirDrop
Apple: AirDrop Info
Mashable: AirDrop Flaw
Ars Technica: Leaking Phone Numbers