AirDrop is a feature on iOS and macOS devices that allows you to securely and conveniently share files, photos, movies, etc. no need for cables.
AirDrop includes three modes: Off, Contacts Only, All. By default it's set to Contacts Only (which means they can only use you with you, and you can only use it with those who are already in your Contacts app).
Additionally, Apple has increased AirDrop security in recent versions of operating systems, allowing only devices that are in the orientation pointed to by the sender to appear on the AirDrop network (so that a device that is behind does not appear in the AirDrop network until the user does not address it).
Researchers have shown that through AirDrop it is possible to obtain the phone number and email of strangers.
In order for hackers to steal this private information, they would have to perform a brute force attack or some other "simple technique". They can only do this while they are (physically) close to the user with the benefit of open sharing on an AirDrop-enabled Apple device.
Although these are very specific conditions, researchers at Technische University in Darmstadt believe this vulnerability represents a "serious breach of privacy".
'To determine if the other user is a contact,' write the researchers, 'AirDrop uses a mutual authentication mechanism that compares a user's phone number and email address with those in the Contacts app. other user ».
Although Apple encrypts this information, the researchers say Apple's "hashing" technique "does not achieve a discovery system that protects privacy, as hashes can be quickly reversed using simple techniques such as brute force attacks."
Researchers discovered this bug in AirDrop in 2019. Although they reported it to Apple, they never received a response.