Hackers can steal your number using Apple's AirDrop feature
Over the last few years, Apple has been particularly focused on making its devices and services more secure. The move has helped the company gain an edge over Google, but as it turns out, even Apple products aren't 100% secure. Case in point: A critical AirDrop loophole that can give away iPhone users' phone numbers to hackers. Here's all about it.
How AirDrop can compromise numbers
Apple AirDrop has long been serving as an ideal photo/video-sharing solution for iPhone users. The feature is handy but security researchers at Hexway say it also broadcasts the phone number active on an iPhone in the form of a cryptographic hash. It is only partially hashed and can easily be converted into a full number if someone really wants to do that.
Device connection broadcasts the number
The broadcast, as the researchers explained, happens through Bluetooth Low Energy packets over a peer-to-peer Wi-Fi network created between two devices. They even demonstrated the attack in a video, showcasing how a person with specialized software and a wireless packet sniffer dongle can mine phone numbers relatively easily. The dongle fetches the hashed broadcast with first three numbers while the software completes it.
Apple Wi-Fi password sharing is even more risky
Along with AirDrop, the researchers emphasized Apple's Wi-Fi password sharing feature can also be compromised in a similar way. The only difference is that it not only broadcasts the mobile number of a person but also his/her email address, and the user's Apple ID. Now, that is a lot of data, which can be used for attempting frauds or phishing attacks.
However, chances of exploit are highly unlikely
While the possibility of having your number compromised from a file-sharing feature is scary, it is highly unlikely that someone would go to these lengths to mine your details. Apple has not commented on the matter but the researchers say this broadcast is essential for the functioning of these features and it "is more a feature of the work of the ecosystem than vulnerability."
