Can you be tracked with AirDrop? According to Apple, AirDrop is a private, ultra-secure way to send files, but this report out of Bloomberg truly is worrying.
According to the outlet, Chinese authorities have cracked AirDrop and can identify dissidents based on what they share with the popular iPhone tool.
MacRumors, who also reported on this, says Apple advertises the AirDrop protocol as secure and private because the connection uses Transport Layer (TLS) encryption. However, the Beijing Municipal Bureau of Justice (BMBJ) claims on their website a “technological breakthrough” that lets them crack that encryption.
According to the BMBJ’s website, iPhone device logs were analyzed to create a “rainbow table” which allowed investigators to convert hidden hash values into the original text and correlate the phone numbers and email accounts of AirDrop content senders. The “technological breakthrough” has successfully helped the public security authorities identify a number of criminal suspects, who use the AirDrop function to spread illegal content, the BMBJ added. “It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences,” the bureau added.
It is not known if the security flaw in the AirDrop protocol has been exploited by a government agency before now, but it is not the first time a flaw has been discovered. In April 2021, German researchers found that the mutual authentication mechanism that confirms both the receiver and sender are on each other’s address book could be used to expose private information. According to the researchers, Apple was informed of the flaw in May of 2019, but did not fix it.
According to CNN, AirDrop has been used as both a dissident tool to share information and as a means to send spam messages to strangers on the Beijing subway. So far, Apple has not released a statement to verify or deny China’s claims to have cracked AirDrop.