Apple's AirDrop is eroticizing pain meaningundeniably convenient for sending photos, videos, links, and more between iPhones, iPads, and Macs. But there's one thing you probably didn't know AirDrop's sharing: part of your phone number, which in the wrong hands, could be used to recover your full digits.
Security researchers at Hexway (via Ars Technica) have discovered a "flaw" in AirDrop that can used to obtain unsuspecting iPhone users' phone numbers using software installed on a laptop and a Bluetooth and WiFi adapter to sniff them out.
Because of the way AirDrop works — it uses Bluetooth LE (Low Energy) to create a peer-to-peer WiFi network between devices for sharing — it broadcasts partial hashesof an iPhone user's phone number in order establish the device as a sending/receiving contact when sending a file.
SEE ALSO: 9 hidden iOS 13 features you need to know aboutMore serious is if you use Apple's WiFi password sharing feature, you're exposing hashed parts of your phone number, but also your Apple ID and email address.
Now, although AirDrop's only beaming partial hashes – a.k.a. some numbers and letters that have been scrambled (Hexway says only the "first 3 bytes of the hashes" are broadcast) — the researchers concluded that there's "enough to identify your phone number" if somebody really wanted to do it.
The researchers shared one scenario in which a hacker could secretly sniff out iPhone users' phone numbers:
- Create a database of SHA256(phone_number):phone_number for their region; e.g., for Los Angeles it’s: (+1-213-xxx-xxxx, +1-310-xxx-xxxx, +1-323-xxx-xxxx, +1-424-xxx-xxxx, +1-562-xxx-xxxx, +1-626-xxx-xxxx, +1-747-xxx-xxxx, +1-818-xxx-xxxx, +1-818-xxx-xxxx)
- Run a special script on the laptop and take a subway train
- When somebody attempts to use AirDrop, get the sender’s phone number hash
- Recover the phone number from the hash
- Contact the user in iMessage; the name can be obtained using TrueCaller or from the device name, as it often contains a name, e.g., John’s iPhone).
Errata Security CEO Rob Graham confirmed to Ars Technica Hexway's software, shared to GitHub, does indeed work. "It’s not too bad, but it’s still kind of creepy that people can get the status information, and getting the phone number is bad."
Scary as this "flaw" appears, it's very unlikely anyone will go through these lengths to recover your phone number. Hexway's researchers even admit that the partially-shared — and we can't stress this enough — information is a necessity to how AirDrop works.
"This behavior is more a feature of the work of the ecosystem than vulnerability," reports Hexway. The researchers further explained that they've "detected this behavior in the iOS versions starting from 10.3.1 (including iOS 13 beta)."
Scary as this "flaw" appears, it's very unlikely anyone will go through these lengths to recover your phone number.
Older iPhones, pre-iPhone 6S, however, appear to be safe based on their findings.
"Old devices (like all before iPhone 6s) are not sending Bluetooth LE messages continuously even if they have updated OS version," reports Hexway. "They send only limited number of messages (for example when you navigate to the Wi-Fi settings menu) probably Apple does that to save battery power on an old devices."
So, how can you stop potential snoopers from sniffing your Bluetooth information out? Turn off Bluetooth. Yes, that means you won't be able to connect AirPods or an Apple Watch to your iPhone, but if that's what will help you sleep at night, then it's the only option.
We've reached out to Apple for comment on Hexway's security findings and will update this story if we receive a response.
Topics Apple Cybersecurity iPhone Privacy
'Mario Kart World' Nintendo Direct: 3 takeaways
Pinterest's body type search helps users find more size
Climbers capture intense footage of yet another rockfall at Yosemite
Oscars 2024: Complete list of winners
Best AirPods deal: Save $50 on AirPods Pro 2
FEMA removes data on water availability in Puerto Rico from website
How an Australian VR gaming studio scored a gig with Boeing to train astronauts
NYT's The Mini crossword answers for March 11
Best headphones deal: Save up to 51% on Beats at Amazon
Airbnb banned indoor security cameras. Here's why.
Samsung The Frame deal: Get up to 40% off at Samsung
San Juan mayor fires back at Trump official's claim about Puerto Rico
How to watch 'Palm Royale': When and where is it streaming?
Wordle today: The answer and hints for March 12
What's new to streaming this week? (March 7, 2025)
Trump EPA administrator's calendar full of polluting industry meetings
Best smartphone deal: Get the Google Pixel 8 for just $539.99 at Woot!
Best robot vacuum deal: The Shark Matrix Plus 2
Amazon Big Spring Sale 2025: Save $20 on Amazon Echo Show 5
HP Spectre x360 14 deal: New 2
Speaking AmericanAn Interview with Donald Margulies'Quordle' today: See each 'Quordle' answer and hints for August 17, 2023No More TearsHow to delete your TikTok accountThe Morning News Roundup for June 25, 2014Philosophy of the WorldFall Sweeps by Alexander AcimanThe Morning News Roundup for June 30, 2014Tonga's beloved shirtless flagbearer returns for Tokyo Olympics opening ceremonyLet’s Get MetaphysicalHow to make an activity private on StravaThe Morning News Roundup for Friday, June 27, 2014How to create and post to your Close Friends Story on InstagramAn Interview with Carol MuskeHighs in the MidHow to disable Instagram's new sensitive content controlsBe Afraid, Be Very AfraidMad With Desire (Kind Of)Rules of Civility Tesla's 'Full Self In praise of Nick Fury, true center of the Marvel Cinematic Universe Facebook leaks reveal unethical global lobbying strategies Stressed out after the debates? You're not the only one J.K. Rowling delivers magical takedown of Donald Trump with a single tweet Coinbase to give former Hacking Team employees the boot Watch Donald Trump throw a mini temper tantrum after the debate Google won't run political ads during Canada's election cycle Phoebe Waller Memorialized accounts on Facebook get 'Tributes' section Everybody is completely in love with Chris Wallace's debate performance 'I am young, I am gay, I am black': Trailblazing politician enters Aussie parliament 'Captain Marvel' feels fresh and familiar: Review Samsung's Galaxy S10 has the best smartphone display, says DisplayMate People exploded with joy when the final debate was finally over Clinton insists background checks don't conflict with Second Amendment Everything you need to remember from 'Game of Thrones' Season 3 Australian man found not guilty of murdering his Tinder date Not even the audience can take Trump seriously when he says he respects women Important Trump guest Wayne Newton is having a fun time at the debate
2.003s , 8286.1640625 kb
Copyright © 2025 Powered by 【eroticizing pain meaning】,Information Information Network