Apple's AirDrop is undeniably convenient for sending photos, videos, links and more between iPhone, iPad and Mac. But there is one thing you might not know about AirDrop sharing: it gives away a partial hash of your telephone number, which in the wrong hands can be used to recover your full number.
Security researchers at Hexway (via Ars Technica) have found a “flaw” in AirDrop that can be used to obtain unsuspecting iPhone users' phone numbers, using software installed on a laptop together with Bluetooth and WiFi adapters to sniff them out.
Because of the way AirDrop works – using Bluetooth LE (Low Energy) to create peer-to-peer WiFi networks between devices for sharing – it broadcasts a partial hash of the iPhone user's phone number so that the sending and receiving devices can be matched to contacts when sending files.
What’s more serious is that if you use Apple’s WiFi password sharing feature, you expose not only the partial hash of your telephone number, but also your Apple ID and email address.
Now, although AirDrop only beams partial hashes – aka strings of scrambled numbers and letters (Hexway says only “the first 3 bytes of hash” are broadcast) – the researchers concluded that this was “enough to identify your telephone number” if someone really wants to do it.
The researchers share a scenario in which a hacker could secretly sniff iPhone users' phone numbers:
– Create a database of SHA256(phone_number):phone_number for their region; e.g., for Los Angeles it’s: (+1-213-xxx-xxxx, +1-310-xxx-xxxx, +1-323-xxx-xxxx, +1-424-xxx-xxxx, +1-562-xxx-xxxx, +1-626-xxx-xxxx, +1-747-xxx-xxxx, +1-818-xxx-xxxx, +1-818-xxx-xxxx)
– Run a special script on the laptop and take a subway train
– When somebody attempts to use AirDrop, get the sender’s phone number hash
– Recover the phone number from the hash
– Contact the user in iMessage (the name can be obtained using TrueCaller or from the device name, as it often contains a name, e.g., John’s iPhone).
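To see why three bytes of a hash do little to hide a phone number, the added example below (not Hexway's tool and not code from the article) measures how many numbers share each truncated SHA-256 value. The digits-only input encoding, the constructed 1-213-555-xxxx block and the ceiling of 10^7 numbers per area code are assumptions.

```python
import hashlib
from collections import defaultdict

PREFIX_BYTES = 3  # the article: only "the first 3 bytes of hash" are broadcast


def truncated_hash(number: str, n: int = PREFIX_BYTES) -> bytes:
    """First n bytes of SHA-256 over the ASCII digits (input encoding is assumed)."""
    return hashlib.sha256(number.encode("ascii")).digest()[:n]


def expected_candidates(keyspace: int, n: int = PREFIX_BYTES) -> float:
    """Average count of numbers in a keyspace that share one n-byte prefix."""
    return keyspace / 2 ** (8 * n)


def anonymity_sets(numbers, n: int = PREFIX_BYTES):
    """Group numbers by truncated hash; each group is one prefix's anonymity set."""
    sets = defaultdict(list)
    for num in numbers:
        sets[truncated_hash(num, n)].append(num)
    return sets


def constructed_block():
    """Constructed sample space: the 10,000 numbers 1-213-555-0000..9999."""
    return [f"1213555{i:04d}" for i in range(10_000)]


def summarize(numbers, n: int = PREFIX_BYTES):
    """Count prefixes, prefixes that map to exactly one number, and the largest set."""
    sizes = [len(v) for v in anonymity_sets(numbers, n).values()]
    return {
        "numbers": len(numbers),
        "prefixes": len(sizes),
        "unique": sum(1 for s in sizes if s == 1),
        "largest": max(sizes),
    }


if __name__ == "__main__":
    print("3-byte prefix:", summarize(constructed_block()))
    print("1-byte prefix:", summarize(constructed_block(), 1))
    # Upper bound of 10**7 subscriber numbers per area code (assumption);
    # the article's Los Angeles list names 8 distinct area codes.
    for codes in (1, 8):
        avg = expected_candidates(codes * 10**7)
        print(f"{codes} area code(s): about {avg:.2f} numbers per prefix")
```

A hash only hides its input when the input space is far larger than the output space; with a handful of area codes the two are nearly the same size, so each broadcast prefix corresponds to only a few possible numbers.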
Errata Security’s CEO, Rob Graham, confirmed to Ars Technica that the Hexway software, which was shared on GitHub, did work. “This isn’t too bad, but it’s still rather scary that people can get status information, and getting a telephone number is bad.”
Scary as this “flaw” appears, it is very unlikely that anyone will do this to recover your phone number. Hexway's researchers even acknowledge that sharing some information is – and we cannot emphasize this enough – a necessity for how AirDrop works.
“This behavior is more an ecosystem work feature than a vulnerability,” reports Hexway. The researchers further explained that they had “detected this behavior in the iOS version starting at 10.3.1 (including iOS 13 beta).”
Older iPhones, those before the iPhone 6S, however, seem safe based on their findings.
“Older devices (like all before the iPhone 6s) do not send LE Bluetooth messages continuously even if they have updated the OS version,” reported Hexway. “They only send a limited number of messages (for example when you navigate to the Wi-Fi settings menu) maybe Apple did that to save battery power on the old device.”
So, how can you stop potential snoops from sniffing your Bluetooth information? Turn off Bluetooth. Yes, that means you won’t be able to connect AirPods or an Apple Watch to your iPhone, but if that’s what will help you sleep at night, that’s the only choice.
We have contacted Apple to comment on Hexway’s security findings and will update this story if we receive a response.