AirDrop 'Cracked' By Chinese Authorities to Identify Senders

Apple's AirDrop feature has reportedly been cracked by a Chinese state backed institution, allowing authorities to identify senders who share "undesirable content" over the peer to peer wireless protocol (via Bloomberg ). AirDrop is Apple's ad hoc service that lets users discover nearby Macs and iOS devices and securely transfer files between them over Wi Fi and Bluetooth.

Users can send and receive photos, videos, documents, contacts, passwords and anything else that can be transferred from a Share Sheet. Apple advertises the protocol as secure because the wireless connection uses Transport Layer Security (TLS) encryption, but the Beijing Municipal Bureau of Justice (BMBJ) says it has devised a way to bypass the protocol's encryption and identify the numbers and emails of senders.

According to the BMBJ's website , iPhone device logs were analyzed to create a "rainbow table" which allowed investigators to convert the hidden hash value into the original text correlating the phone numbers and email accounts of AirDrop content senders. The "technological breakthrough" has successfully helped the public security authorities identify a number of criminal suspects, who use the AirDrop function to spread illegal content, the BMBJ added.

"It improves the efficiency and accuracy of case solving and prevents the spread of inappropriate remarks as well as potential bad influences," the bureau added. This isn't the first time a security flaw has been discovered in the AirDrop protocol. In April 2021, German researchers discovered that the mutual authentication mechanism that confirms both the receiver and sender are on each other's address book could be used to expose private information.

According to the researchers, Apple was informed of the flaw in May of 2019, but did not fix it. Apple limited the use of the AirDrop on devices on the Chinese mainland in November 2022, after anti government activists used the function to spread political leaflets. AirDrop became restricted by default to Contacts Only, and the option to turn on AirDrop for "Everyone" was limited to 10 minutes.

With the launch of iOS 16.2, Apple expanded the AirDrop limitation it introduced in China to all users globally. Apple said that the feature was actually introduced in an effort to cut down on spam content spread in crowded areas like malls and airports. Note: Due to the political or social nature of the discussion regarding this topic, the discussion thread is located in our Political News forum.

All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts..