Over the years, Apple has built an ecosystem that makes it easy for users to sync all of their Apple devices, such as iPhones, MacBooks and iPads. The AirDrop feature available on iPhones and Macs allows users to share WiFi passwords and other content between two Apple devices. However, according to a report by cybersecurity research firm Hexway, the very same feature can also pose a threat to security, as it can leak the phone number of an Apple iPhone.
According to Hexway, the AirDrop and WiFi password sharing broadcasts can be used to obtain sensitive data such as phone numbers. It also said that once the Bluetooth of the device is switched on, Apple products display the current status of the device, information about the battery, device name, WiFi status, buffer availability, OS version and even the phone number.
The issue also exists in the MacBook, Apple Watch and AirPods. All of the information is sent through Bluetooth Low Energy (BLE), according to the Hexway report. Apart from this Bluetooth loophole, every time a user tries to share something through AirDrop, the phone sends out a SHA256 hash of their phone number to all the devices around. The report further claims that attackers can use this hash to recover the actual phone number and contact the user through iMessage to obtain the name of the device’s user.
Coming to the issue of WiFi password sharing, the Hexway report said that Apple products send a partial SHA256 hash with the Apple ID and the email addresses that are connected with it. Only the first 3 bytes of the hash are sent, which is sufficient to identify the number, which can be recovered through HLR requests that provide phone number status and region.
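Why a truncated hash of a phone number gives little protection, shown as an added example (not code from the Hexway report or from Apple): it counts how many numbers in a numbering plan stay consistent with a 3-byte SHA256 prefix. The plan `1555` plus six digits, the sample number and the ASCII-digit encoding are constructed assumptions.

```python
import hashlib

PREFIX_BYTES = 3  # the article says only the first 3 bytes of the hash are sent


def hash_prefix(number: str, nbytes: int = PREFIX_BYTES) -> bytes:
    """Truncated SHA-256 of an identifier, as the broadcast is described."""
    # Assumption: the number is hashed as a plain ASCII digit string.
    return hashlib.sha256(number.encode("ascii")).digest()[:nbytes]


def expected_candidates(keyspace: int, nbytes: int = PREFIX_BYTES) -> float:
    """Average count of numbers in `keyspace` that share one given prefix."""
    return keyspace / 2 ** (8 * nbytes)


def candidates(observed: bytes, plan_prefix: str, digits: int) -> list[str]:
    """Every number in a numbering plan whose truncated hash equals `observed`."""
    matches = []
    for n in range(10 ** digits):
        number = f"{plan_prefix}{n:0{digits}d}"
        if hash_prefix(number, len(observed)) == observed:
            matches.append(number)
    return matches


if __name__ == "__main__":
    # Constructed sample: a made-up plan "1555" followed by 6 subscriber digits.
    plan, digits = "1555", 6
    device_number = "1555123456"  # constructed, not a real subscriber
    seen = hash_prefix(device_number)
    left = candidates(seen, plan, digits)
    print(f"plan size: {10 ** digits}, possible prefixes: {2 ** 24}")
    print(f"expected matches per prefix: {expected_candidates(10 ** digits):.3f}")
    print(f"numbers still consistent with {seen.hex()}: {left}")
```

Because a phone numbering plan is so much smaller than the hash output space, hashing without a secret key does not anonymise the number: even three bytes usually leave only a handful of candidates.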
The report also includes videos demonstrating the loopholes in Apple devices that Hexway researchers have found.
Of late, Apple has been facing severe criticism from its users, ever since the news that it was listening to accidental Siri recordings for a global internal program came to light. Even though the company said that it has suspended the said program, there are concerns over the Siri recordings that have already been fed to the Apple servers.