/?pid=apple-s-airdrop-and-password-sharing-features-can-leak-iphone-numbers-21018

Updated:05:55 AM EDT Mar 28


this is ggmania.com subsite Apple's AirDrop and password sharing features can leak iPhone numbers - TechAmok

Apple's AirDrop and password sharing features can leak iPhone numbers - [security]
05:26 PM EDT - Aug,01 2019 - post a comment

Apple makes it easy for people to locate lost iPhones, share Wi-Fi passwords, and use AirDrop to send files to other nearby devices. A recently published report demonstrates how snoops can capitalize on these features to scoop up a wealth of potentially sensitive data that in some cases includes phone numbers.

Simply having Bluetooth turned on broadcasts a host of device details, including its name, whether it's in use, if Wi-Fi is turned on, the OS version it's running, and information about the battery. More concerning: using AirDrop or Wi-Fi password sharing broadcasts a partial cryptographic hash that can easily be converted into an iPhone's complete phone number. The information - which in the case of a Mac also includes a static MAC address that can be used as a unique identifier - is sent in Bluetooth Low Energy packets.

The information disclosed may not be a big deal in many settings, such as work places where everyone knows everyone anyway. The exposure may be creepier in public places, such as a subway, a bar, or a department store, where anyone with some low-cost hardware and a little know-how can collect the details of all Apple devices that have BLE turned on. The data could also be a boon to companies that track customers as they move through retail outlets. As noted above, in the event someone is using AirDrop to share a file or image, they're broadcasting a partial SHA256 hash of their phone number. In the event Wi-Fi password sharing is in use, the device is sending partial SHA256 hashes of its phone number, the user's email address, and the user's Apple ID. While only the first three bytes of the hash are broadcast, researchers with security firm Hexway (which published the research) say those bytes provide enough information to recover the full phone number.

Hexway's report includes proof-of-concept software that demonstrates the information broadcast. Errata Security CEO Rob Graham installed the proof-of-concept on a laptop that was equipped with a wireless packet sniffer dongle, and within a minute or two he captured details of more than a dozen iPhones and Apple Watches that were within radio range of the bar where he was working

Short overview of recent news articles

Intel's Battle Has Just Begun (Mar,28 2024 )

Unreal Physics is a new free game on Steam (Mar,27 2024 )

Is The World's Cheapest Hardware Wallet SafePal S1 Worth It? (Mar,27 2024 )

Yes, this was a Bad Idea (Emergency Wall-Mounted PC Build) (Mar,27 2024 )

11 Cool Command Line Programs You Need to See (Mar,27 2024 )

When you Accidentally Compromise every CPU on Earth (Mar,26 2024 )

Everyone Who Tried This Has FAILED - Khadas Mind Modular PC (Mar,24 2024 )

Air Cooling is Dead (Mar,24 2024 )

US Justice Dept. Sues Apple for Monopolistic Behavior in Smartphones (Mar,24 2024 )

Beetlejuice Beetlejuice - Official Teaser Trailer (2024) Michael (Mar,24 2024 )

Alien: Romulus | Teaser Trailer (Mar,22 2024 )

NVIDIA Is On a Different Planet (Mar,22 2024 )

Everyone Needs This and it's Under $10 - Handy Tech Under $100 (Mar,21 2024 )

20 COOL GADGETS FOR 2024 (Mar,21 2024 )

Nvidia's 5090 Is Built From WHAT?! (Mar,21 2024 )

Parasyte: The Grey | Official Trailer | Netflix (Mar,20 2024 )

Fastest m.2 on Planet EARTH | Crucial T705 Nvme Review (Mar,20 2024 )

LG's new 480Hz OLED dual-mode monitor (Mar,20 2024 )

First 9.1 GHz CPU (overclocked 14900KS) (Mar,19 2024 )

Haley Messick - Saatisfaction @bennybenassi - In10sive Mastercamp (Mar,18 2024 )

1000W CPU: The Most Powerful Desktop Processor (Mar,18 2024 )

Expands Snapdragon 8 Series to Cover More Price Points (Mar,18 2024 )

Train Vs Lamborghini (Mar,17 2024 )

Don't use a Microsoft Account! (Mar,16 2024 )

This Ghillie Made from MIRRORS is SHOCKINGLY GOOD (Mar,16 2024 )

How Hackers Deliver Malware to Hack you using Social Media (Mar,16 2024 )

Call of Duty: Warzone Mobile - Launch Trailer (Mar,15 2024 )

Intel's 4th Attempt At Beating Ryzen - "New" 6.2GHz Core (Mar,14 2024 )

Asus Goes Big with Zenfone 11 Ultra (Mar,14 2024 )

House Passes Bill to Force Sale of TikTok (Mar,14 2024 )

Motorola Brings More Affordable 5G Phones to its 2024 Lineup (Mar,14 2024 )

Capristan Swim - Miami Swim Week | Art Basel Miami (Mar,14 2024 )

The Most Stunning All SSD NAS Ever? Inside QNAP's All-SSD (Mar,11 2024 )

M2 vs M3 MacBook Air - ULTIMATE Comparison! (Mar,11 2024 )

Risky PC Experiment: Direct CPU Water-Cooling! Can It Survive? (Mar,11 2024 )

SpaceX Falcon 9 rocket launches 23 Starlink satellites from (Mar,11 2024 )

I tried the Cheapest Arduino Alternative (that Nobody heard of) (Mar,10 2024 )

This is the WEIRDEST PC I've ever seen. (Mar,10 2024 )

Nvidia Retires GTX 16 Series, GDDR7 Arrives, FSR Upscaling Going AI? (Mar,10 2024 )

The New BIOS Hack That Bypasses Every Antivirus (Mar,09 2024 )

Microsoft says it hasn't been able to shake Russian state hackers (Mar,09 2024 )

iOS 17.4, Out Today, Brings Transcripts to Apple Podcasts (Mar,09 2024 )

Microsoft Kills Android-on-Windows (Mar,09 2024 )

Don't Make These Common PC Building Mistakes! (Mar,08 2024 )

Sydney Sweeney Gets Outcast By Her Hooters Co-Workers On 'SNL' (Mar,07 2024 )

How A Journalist Uncovered America's Secret Doomsday Bunkers (Mar,07 2024 )

Government Banning Hardware Wallets? (Mar,07 2024 )

Xiaomi 14 Ultra Full Review: I prefer to call it '13S Ultra' (Mar,07 2024 )

Windows Defender vs Ransomware 2024 (Mar,05 2024 )

I fixed this PCIe card with tape - I can't believe this worked... (Mar,04 2024 )

>> News Archive <<

TechAmok - Privacy Policy        loading time:0.01secs