Apple's AirDrop is undeniably convenient for sending photos, videos, links, and more between iPhones, iPads, and Macs. But there's one thing you probably didn't know AirDrop is sharing: part of your phone number, which, in the wrong hands, could be used to recover your full digits.
Security researchers at Hexway (via Ars Technica) have discovered a "flaw" in AirDrop that can be used to obtain unsuspecting iPhone users' phone numbers, using software installed on a laptop together with a Bluetooth and WiFi adapter to sniff them out.
Because of the way AirDrop works — it uses Bluetooth LE (Low Energy) to create a peer-to-peer WiFi network between devices for sharing — it broadcasts partial hashes of an iPhone user's phone number in order to establish the device as a sending/receiving contact when sending a file.
More serious: if you use Apple's WiFi password sharing feature, you're exposing not only hashed parts of your phone number, but also your Apple ID and email address.
Now, although AirDrop's only beaming partial hashes – a.k.a. some numbers and letters that have been scrambled (Hexway says only the "first 3 bytes of the hashes" are broadcast) — the researchers concluded that there's "enough to identify your phone number" if somebody really wanted to do it.
The researchers shared one scenario in which a hacker could secretly sniff out iPhone users' phone numbers:
- Create a database of SHA256(phone_number):phone_number for their region; e.g., for Los Angeles it’s: (+1-213-xxx-xxxx, +1-310-xxx-xxxx, +1-323-xxx-xxxx, +1-424-xxx-xxxx, +1-562-xxx-xxxx, +1-626-xxx-xxxx, +1-747-xxx-xxxx, +1-818-xxx-xxxx, +1-818-xxx-xxxx)
- Run a special script on the laptop and take a subway train
- When somebody attempts to use AirDrop, get the sender’s phone number hash
- Recover the phone number from the hash
- Contact the user in iMessage; the name can be obtained using TrueCaller or from the device name, as it often contains a name (e.g., John's iPhone).
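The reason this scenario works is a keyspace problem rather than a weakness in SHA-256: a phone number has very little entropy, and a 3-byte prefix has only 2^24 possible values. The added example below (not Hexway's tool, and not Apple's code) quantifies how much ambiguity a truncated hash leaves for a regional keyspace; it assumes the hash input is the digits-with-country-code string, which the article does not specify, and treats Hexway's Los Angeles list as 8 distinct area codes (+1-818 appears twice) at the full 10^7 numbers each as an upper bound.

```python
import hashlib
from collections import defaultdict

# Hexway reports that only the first 3 bytes of SHA256(phone_number) are broadcast.
PREFIX_BYTES = 3


def truncated_hash(phone: str, n_bytes: int = PREFIX_BYTES) -> bytes:
    """SHA-256 of the phone-number string, cut to the broadcast prefix.
    The exact string format Apple hashes is not given in the article; the
    digits-with-country-code form used here is an assumption."""
    return hashlib.sha256(phone.encode()).digest()[:n_bytes]


def expected_candidates(keyspace_size: int, n_bytes: int = PREFIX_BYTES) -> float:
    """Average number of phone numbers that land on one n-byte prefix.
    A uniform hash spreads keyspace_size numbers over 2**(8*n_bytes) buckets,
    so the prefix is nearly identifying whenever this ratio is small."""
    return keyspace_size / 2 ** (8 * n_bytes)


def bucket_by_prefix(phones, n_bytes: int = PREFIX_BYTES) -> dict:
    """Group candidate numbers by truncated hash; bucket size = ambiguity left."""
    buckets = defaultdict(list)
    for phone in phones:
        buckets[truncated_hash(phone, n_bytes)].append(phone)
    return dict(buckets)


def largest_bucket(buckets: dict) -> int:
    """Worst-case (largest) number of candidates sharing one prefix."""
    return max(len(v) for v in buckets.values())


if __name__ == "__main__":
    # Constructed keyspace: 10,000 made-up numbers in one fictitious exchange.
    fake_numbers = [f"+1555{i:07d}" for i in range(10_000)]
    buckets = bucket_by_prefix(fake_numbers)
    print(f"{len(fake_numbers)} numbers -> {len(buckets)} distinct 3-byte prefixes, "
          f"largest bucket {largest_bucket(buckets)}")
    # Hexway's Los Angeles list has 8 distinct area codes; taking the full
    # 10**7 numbers per area code gives an upper bound on the regional keyspace.
    la_upper_bound = 8 * 10**7
    for n in (2, 3):
        print(f"{n}-byte prefix: ~{expected_candidates(la_upper_bound, n):.1f} "
              f"candidates per prefix")
```

With the 3-byte prefix the regional upper bound leaves only about five candidate numbers per broadcast value, which a device name like "John's iPhone" easily disambiguates; a 2-byte prefix would leave over a thousand, which is the trade-off between contact matching and privacy that the researchers' "feature, not vulnerability" remark points at.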
Errata Security CEO Rob Graham confirmed to Ars Technica that Hexway's software, shared on GitHub, does indeed work. "It's not too bad, but it's still kind of creepy that people can get the status information, and getting the phone number is bad."
Scary as this "flaw" appears, it's very unlikely anyone will go to these lengths to recover your phone number. Hexway's researchers even admit that the partially shared (and we can't stress this enough) information is a necessity of how AirDrop works.
"This behavior is more a feature of the work of the ecosystem than vulnerability," reports Hexway. The researchers further explained that they've "detected this behavior in the iOS versions starting from 10.3.1 (including iOS 13 beta)."
Older iPhones, pre-iPhone 6S, however, appear to be safe based on their findings.
"Old devices (like all before iPhone 6s) are not sending Bluetooth LE messages continuously even if they have an updated OS version," reports Hexway. "They send only a limited number of messages (for example, when you navigate to the Wi-Fi settings menu); probably Apple does that to save battery power on old devices."
So, how can you stop potential snoopers from sniffing your Bluetooth information out? Turn off Bluetooth. Yes, that means you won't be able to connect AirPods or an Apple Watch to your iPhone, but if that's what will help you sleep at night, then it's the only option.
We've reached out to Apple for comment on Hexway's security findings and will update this story if we receive a response.