A group of researchers at the German university Technische Universität Darmstadt has found a vulnerability in AirDrop that can reportedly be exploited to reveal a user’s phone number and email address.
Titled “AirDrop shares more than files,” the study lays out the mechanics behind the flaw and explains that the overall process does not require an actual data transfer to take place.
According to the study, the vulnerability lies in AirDrop’s “mutual authentication” procedure, in which two devices exchange messages and check one another’s address book for matching records. Although the confirmation process does rely on encryption, the researchers claim that it is weak and can be reversed through brute force.
Apple, the developer of AirDrop, was reportedly notified of the issue back in May 2019 but has yet to acknowledge the problem. AirDrop has not received a patch, and Apple has not responded to the researchers since the report.