Apple's AirDrop is undeniably convenient for sending photos, videos, links, and more between iPhones, iPads, and Macs. But there's one thing you probably didn't know AirDrop's sharing: part of your phone number, which, in the wrong hands, could be used to recover your full digits.
Security researchers at Hexway (via Ars Technica) have discovered a "flaw" in AirDrop that can be used to obtain unsuspecting iPhone users' phone numbers using software installed on a laptop and a Bluetooth and WiFi adapter to sniff them out.
Because of the way AirDrop works — it uses Bluetooth LE (Low Energy) to create a peer-to-peer WiFi network between devices for sharing — it broadcasts partial hashes of an iPhone user's phone number in order to establish the device as a sending/receiving contact when sending a file.
More serious: if you use Apple's WiFi password sharing feature, you're exposing not just hashed parts of your phone number, but also your Apple ID and email address.
Now, although AirDrop's only beaming partial hashes – a.k.a. some numbers and letters that have been scrambled (Hexway says only the "first 3 bytes of the hashes" are broadcast) — the researchers concluded that there's "enough to identify your phone number" if somebody really wanted to do it.
The researchers shared one scenario in which a hacker could secretly sniff out iPhone users' phone numbers:
- Create a database of SHA256(phone_number):phone_number for their region; e.g., for Los Angeles it’s: (+1-213-xxx-xxxx, +1-310-xxx-xxxx, +1-323-xxx-xxxx, +1-424-xxx-xxxx, +1-562-xxx-xxxx, +1-626-xxx-xxxx, +1-747-xxx-xxxx, +1-818-xxx-xxxx, +1-818-xxx-xxxx)
- Run a special script on the laptop and take a subway train
- When somebody attempts to use AirDrop, get the sender’s phone number hash
- Recover the phone number from the hash
- Contact the user in iMessage; the name can be obtained using TrueCaller or from the device name, as it often contains a name, e.g., John’s iPhone.
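The arithmetic behind the scenario above, as an added example (not Hexway's code and not part of the original article): it measures how many candidate numbers share one truncated SHA-256 value, which is what decides whether a 3-byte prefix still identifies a phone number. The digit-string encoding, the fictional 555 sample block and the 10^7-numbers-per-area-code upper bound are assumptions.

```python
import hashlib
from collections import Counter

PREFIX_BYTES = 3  # the page: only the "first 3 bytes of the hashes" are broadcast


def partial_hash(number: str, nbytes: int = PREFIX_BYTES) -> bytes:
    """Truncated SHA-256 of a phone number (digit-string encoding is an assumption)."""
    return hashlib.sha256(number.encode("ascii")).digest()[:nbytes]


def expected_anonymity_set(space_size: int, nbytes: int = PREFIX_BYTES) -> float:
    """Average number of candidates in the space that share one truncated hash."""
    return space_size / 2 ** (8 * nbytes)


def fraction_unique(numbers, nbytes: int = PREFIX_BYTES) -> float:
    """Share of numbers whose truncated hash matches no other number in the space."""
    numbers = list(numbers)
    counts = Counter(partial_hash(n, nbytes) for n in numbers)
    # A bucket holding exactly one number means that number is singled out.
    unique = sum(1 for c in counts.values() if c == 1)
    return unique / len(numbers)


# Constructed sample space: one fictional exchange, 10,000 numbers.
SAMPLE_BLOCK = [f"1213555{i:04d}" for i in range(10_000)]

# Upper bounds (assumption): every xxx-xxxx combination counted as assignable.
ONE_AREA_CODE = 10 ** 7
LA_REGION = 8 * ONE_AREA_CODE  # eight distinct area codes in the list above

if __name__ == "__main__":
    print(f"one area code: {expected_anonymity_set(ONE_AREA_CODE):.2f} candidates per prefix")
    print(f"LA region:     {expected_anonymity_set(LA_REGION):.2f} candidates per prefix")
    for nbytes in (1, 2, 3):
        share = fraction_unique(SAMPLE_BLOCK, nbytes)
        print(f"{nbytes}-byte prefix, 10k block: {share:.2%} of numbers unique")
```

Within a single exchange nearly every number maps to its own 3-byte value, and across all eight listed area codes only about five candidates share each value, so truncating the hash does little to hide a low-entropy identifier like a phone number.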
Errata Security CEO Rob Graham confirmed to Ars Technica that Hexway's software, shared to GitHub, does indeed work. "It’s not too bad, but it’s still kind of creepy that people can get the status information, and getting the phone number is bad."
Scary as this "flaw" appears, it's very unlikely anyone will go through these lengths to recover your phone number. Hexway's researchers even admit that the partially-shared — and we can't stress this enough — information is a necessity to how AirDrop works.
"This behavior is more a feature of the work of the ecosystem than vulnerability," reports Hexway. The researchers further explained that they've "detected this behavior in the iOS versions starting from 10.3.1 (including iOS 13 beta)."
Older iPhones, pre-iPhone 6S, however, appear to be safe based on their findings.
"Old devices (like all before iPhone 6s) are not sending Bluetooth LE messages continuously even if they have updated OS version," reports Hexway. "They send only limited number of messages (for example when you navigate to the Wi-Fi settings menu) probably Apple does that to save battery power on an old devices."
So, how can you stop potential snoopers from sniffing your Bluetooth information out? Turn off Bluetooth. Yes, that means you won't be able to connect AirPods or an Apple Watch to your iPhone, but if that's what will help you sleep at night, then it's the only option.
We've reached out to Apple for comment on Hexway's security findings and will update this story if we receive a response.