Major iPhone vulnerability newly exposed: transferring files reveals personal information, and Apple has been aware of it for more than two years.
By Jia Haonan, reporting from Aofei Temple.
Quantum bit report | WeChat official account QbitAI
A kind reminder from a fellow iPhone user always warms the heart:
So I fire back a "thank you":
AirDrop on the iPhone is convenient enough to use. But being harassed is the trivial part: hackers can also intercept personal information within a few milliseconds.
It is basically equivalent to making your mobile phone number, email address and other contact information public.
Moreover, Apple has long known about this bug but has not fixed it.
No time to dodge, and the information has already leaked.
What’s going on?
Researchers at Darmstadt University of Technology have studied the vulnerability in depth, and their conclusion is:
Apple AirDrop has a two-way vulnerability. Whether you are receiving or sending, as long as it is turned on, hackers can recover the user's email address, phone number and other information within a few milliseconds.
Personal information intercepted by hackers may be used for targeted phishing attacks, fraud and so on. The simplest option is to resell the personal information directly for profit.
AirDrop, better known to domestic users by its Chinese name, transfers data over Bluetooth and Wi-Fi: Bluetooth does the "handshake" and Wi-Fi does the "transfer".
The whole transfer requires no connection to the public network.
But the problem lies in the "handshake phase" of Bluetooth.
In the transfer confirmation stage, to determine whether a potential sender's device should connect with other nearby devices, AirDrop broadcasts a local Bluetooth signal that contains a partial cryptographic hash of the sender's phone number and email address.
If there is a hash value that matches someone’s information in the address book of the receiving device, the two devices will shake hands for mutual authentication through Wi-Fi.
Of course, if the recipient is set to receive from any device, the address book verification can be skipped.
During the handshake, the device will exchange the complete SHA-256 hash value of the owner’s phone number and email address.
In principle, the original input cannot be read back directly from a hash value, but depending on the entropy, or amount of randomness, in the plaintext, it may still be computed.
Therefore, in theory, hackers can do this with a "brute-force attack", that is, by trying a large number of candidate values until one "collides" with the correct information.
The key point is that the information entropy of a phone number or an email address is negligible.
Even with a database containing every possible phone number in the world, looking up a hash value in it takes only a few milliseconds.
That is how it happens: before you can dodge, the information has leaked.
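The brute-force argument above, as an added example that is not from the original article or the researchers: it compares the keyspace of a phone number with the 256-bit digest and shows that a precomputed table maps a SHA-256 digest back to the number in a single lookup. The number block (+1 555 010 xxxx) and all function names are constructed for illustration.

```python
import hashlib
import math
import time


def sha256_hex(identifier: str) -> str:
    """Unsalted SHA-256 of a contact identifier, hex encoded."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()


def keyspace_bits(num_candidates: int) -> float:
    """Upper bound on the entropy, in bits, of a value chosen from num_candidates options."""
    return math.log2(num_candidates)


def build_lookup_table(prefix: str, digits: int) -> dict:
    """Map digest -> number for every number of the form prefix + `digits` digits."""
    table = {}
    for n in range(10 ** digits):
        number = f"{prefix}{n:0{digits}d}"
        table[sha256_hex(number)] = number
    return table


def recover(table: dict, digest: str):
    """Return the number behind a digest, or None if it is outside the table."""
    return table.get(digest)


def demo():
    # Constructed sample: a fictional block of 10,000 numbers, +1 555 010 0000..9999.
    table = build_lookup_table("+1555010", 4)
    observed = sha256_hex("+15550104242")  # constructed digest, standing in for an exchanged hash
    start = time.perf_counter()
    number = recover(table, observed)
    elapsed_ms = (time.perf_counter() - start) * 1000
    return number, elapsed_ms


if __name__ == "__main__":
    number, elapsed_ms = demo()
    print(f"recovered {number} in {elapsed_ms:.4f} ms")
    # A 10-digit national number space holds about 33 bits, far below the digest's 256.
    print(f"10-digit keyspace: {keyspace_bits(10 ** 10):.1f} bits vs 256-bit digest")
```

The digest length says nothing about how hard the input is to guess; only the size of the input space does, which is why hashing a phone number does not hide it.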
Hackers "lie in wait"
In the simplest method, hackers only need to monitor the discovery requests sent by other nearby devices; no prior information is required.
For example, by simply installing a Bluetooth "bug" in a public place.
The second method is the reverse.
The attacker opens the sharing menu to see if there is a nearby device responding to his handshake request message.
But this technology is not as widely applicable as the first method, because it only works when the attacker’s information is already in the receiver’s address book.
However, attacks from "acquaintances" are just as worrying.
For example, the company boss can use it to get the non-work phone number or email address of any employee.
For two years, Apple has turned a deaf ear.
Does Apple know?
Of course it does. In fact, it has known for two years.
Not only does it know: the team at Darmstadt University of Technology that discovered the vulnerability also developed a fix, PrivateDrop, which lets both parties complete the handshake without exposing the hash values.
When the vulnerability was reported in 2019, the patch was submitted together.
But two years later, it has vanished like a stone dropped into the sea.
Apple has never told the researchers whether it will adopt their scheme, and the vulnerability has never been fixed.
Too lazy even to copy a ready-made answer …
So to this day, anyone who uses AirDrop risks revealing personal information.
At present, the only way to prevent leakage is to set AirDrop to "no one" in the system settings menu.
The newly launched iOS 14.5 was promoted for its security, yet it has now come to light that a serious vulnerability has persisted for two years and affects 1.5 billion users around the world.
By the way, a reminder: it is not only iOS on the iPhone. macOS, iPadOS and every Apple device with the AirDrop feature are under threat.
Reference link
https://arstechnica.com/gadgets/2021/04/apples-airdrop-leaks-users-pii-and-theres-not-much-they-can-do-about-it/