Is it possible to have your phone number leaked through Apple’s AirDrop feature? A recent security report shows how some people may exploit this feature to collect sensitive data.
Information Leak Through AirDrop
Just having the Bluetooth on can share various information about the device, and when it comes to using Apple’s AirDrop or Wi-Fi password sharing features, a partial cryptographic hash that can be converted into the iPhone’s complete phone number is also broadcasted.
As a recent security report explains, when someone is using the AirDrop feature to share a file, a partial SHA256 hash of their phone number is also being broadcasted, while using the Wi-Fi password sharing feature would broadcast partial SHA256 hashes of the user’s email address, Apple ID, and mobile number.
To be clear, only partial hashes are being broadcasted with the features, but researchers say that these are already enough to recover the user’s full mobile number. In fact, the CEO of Errata Security Rob Graham was even able to capture the details of over a dozen Apple Watches and iPhones within range in just two minutes using a laptop with a proof-of-concept software installed.
For users of Apple devices, AirDrop is a convenient way of sharing files such as documents, photos, and videos with other nearby Apple devices even without internet connection. Typically, this feature allows users to choose which items they want to share and with whom, but the recent security report shows how using the feature may also be compromising sensitive data such as the user’s mobile number.
While this may be something of little concern when the features are being used among peers, co-workers, or family members, having information potentially leaked among strangers is quite unnerving. According to experts, this is an example of the trade-off that companies such as Apple are making when it comes to ease of use and privacy.