
Apple AirDrop flaw ‘exposes phone numbers and email addresses’ to all

Apple’s AirDrop tech is a really handy way to share photos, contact information and more, but a security flaw could mean sharing details with more folks than you bargained for.

According to researchers at a prominent German university, the Wi-Fi and Bluetooth-powered Apple-to-Apple data transfer tech could expose your phone number and email address to a stranger in Wi-Fi range.

The researchers, working out of Technische Universität Darmstadt, say just opening an iOS or macOS sharing pane could expose your personal information. It’s not even necessary to begin a transfer for third parties to exploit the “significant security risk”, they say.

In findings published this week, the researchers say they raised the issue with Apple way back in 2019 and the company hasn’t fixed it yet. They say the problem lies in weak hashing of phone numbers and email addresses associated with the Apple user. All strangers need to do is be in the vicinity in order to snoop.

In a press release the researchers from the Secure Mobile Networking Lab (SEEMOO) and the Cryptography and Privacy Engineering Group (ENCRYPTO) write: “As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users – even as a complete stranger. All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.”

“The discovered problems are rooted in Apple’s use of hash functions for “obfuscating” the exchanged phone numbers and email addresses during the discovery process. However, researchers from TU Darmstadt already showed that hashing fails to provide privacy-preserving contact discovery as so-called hash values can be quickly reversed using simple techniques such as brute-force attacks.”
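
To see why a hash does not hide a phone number, the added example below (not from the article or the researchers) enumerates one block of 10,000 numbers and compares digests, then computes how little entropy a 10-digit number carries. Unsalted SHA-256, the block prefix and the sample number from the fictional 555-01xx range are all assumptions made for the illustration.

```python
import hashlib
import math

PREFIX = "+1202555"          # constructed: fixed country/area/exchange part
SAMPLE = "+12025550143"      # constructed number in the fictional 555-01xx range


def digest(identifier: str) -> str:
    """Unsalted SHA-256 of a contact identifier (hash choice is an assumption)."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def candidates(prefix: str, free_digits: int):
    """Yield every number in a block: fixed prefix plus `free_digits` digits."""
    for n in range(10 ** free_digits):
        yield f"{prefix}{n:0{free_digits}d}"


def recover(target: str, prefix: str, free_digits: int):
    """Return (identifier, guesses) if the digest belongs to the block,
    otherwise (None, guesses) after exhausting it."""
    guesses = 0
    for cand in candidates(prefix, free_digits):
        guesses += 1
        if digest(cand) == target:
            return cand, guesses
    return None, guesses


def entropy_bits(free_digits: int) -> float:
    """Upper bound on the entropy of a number with `free_digits` unknown digits."""
    return free_digits * math.log2(10)


if __name__ == "__main__":
    observed = digest(SAMPLE)                      # what an observer would see
    print(recover(observed, PREFIX, 4))            # input found inside the block
    print(recover(digest("alice@example.com"), PREFIX, 4))  # not in the block
    # A 256-bit digest cannot add secrecy the input never had.
    print(f"10 unknown digits carry about {entropy_bits(10):.1f} bits")
```

The digest is 256 bits long, but the input space is only about 33 bits, which is why the output length gives no protection for low-entropy identifiers such as phone numbers.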

The researchers say 1.5 billion users are potentially vulnerable to this issue, but add Apple hasn’t acknowledged the problem, let alone attempted to fix it. The researchers say the only way to guard against it currently is to turn AirDrop off.
