Is Apple AirDrop Secure? This Reported Bluetooth Flaw Is Troubling
If you have an iPhone, you've likely used Apple's AirDrop feature to quickly and easily transfer photos, videos, and other documents to your other Apple devices or to other iPhone users. But a new reported security flaw discovered in AirDrop might compromise the privacy of your information, reportedly including a sensitive piece of information you may not want strangers to have access to. So, is Apple's AirDrop secure? A new reported bluetooth flaw is pretty troubling and might mean what happens on your iPhone doesn't necessarily stay on your iPhone. Elite Daily reached out to Apple for comment on the reported security issue, but did not hear back at the time of publication.
A recent report from cybersecurity company Hexway apparently found that by using AirDrop or WiFi password-sharing, which are both done over bluetooth, anyone with a laptop and scanning system can reportedly see information like your WiFi status, whether or not the device is in use, your device name, its OS version, and even your entire 10-digit phone number. Elite Daily reached out to Apple for comment on the reported information at stake with the reported flaw, but did not hear back at the time of publication.
Per Ars Technica, the danger reportedly comes when you broadcast "a partial SHA256 hash" of your phone number, which happens when using bluetooth. Per Hexway, the researchers behind the news, even though only the first three bytes of the hash are broadcast, it's reportedly enough for a would-be hacker to recover your phone number. Though this may not compromise your privacy in an office or house where many people already know you, your phone number, and some other personal information, it could be an issue in public spaces like cafes, bus stops, subways, parks, or bars where potential hackers could reportedly gain access to your personal data when you share any information over bluetooth. According to Ars Technica, it's apparently pretty easy for people to do this, since "anyone with some low-cost hardware and a little know-how can collect the details of all Apple devices that have BLE turned on." Um, that's pretty scary. In its report, Hexway even shared videos of how potential hackers can reportedly make this happen with AirDrop and WiFi password sharing.
According to 9to5 Mac, despite the fact that Apple apparently takes measures to prevent such security flaws, it's reportedly pretty easy to crack the measures and access information through bluetooth. At the moment, the only way around this issue is to turn off your bluetooth until, as iPhoneHacks notes, Apple rolls out a software update to fix it. Elite Daily reached out to Apple for comment on the reported issue with AirDrop any possible software fixes but did not hear back by the time of publication.
Bugs like this latest reported AirDrop issue aren't uncommon, and although they're usually fixed with a software update, they usually impact several users first. Back in February 2019, Apple users reported a serious flaw in the iOS 12.1.4 update which apparently prevented iPad and iPhone users from connecting to LTE and WiFi, meaning they couldn't access their data at all. Elite Daily previously reached out to Apple about the reported issue, but did not hear back at the time of publication. Though there were a variety of fixes for the reported issue that users could implement at home, like turning the phone on and off airplane mode, making sure call forwarding was off, and removing a sim card, many users still had issues with their data and connectivity and had to bring their phones to Genius Bar employees at the Apple Store for further inspection.
Since the latest reported AirDrop flaw was only recently discovered, time will tell how and if it will affect iOS bluetooth users. I don't know about you, but I'm definitely going to be more careful using AirDrop or even having my iPhone's bluetooth on in public places.