A new alert released just a few hours ago can jeopardize the security of iPhone users. If you have one of these devices in your hands and you have used any of the features that we indicate below, be very careful with what you do. Hackers could take advantage of features like Apple’s AirDrop to discover personal phone numbers and personal information of iPhone users. The risk has been confirmed by experts.
Did you know that Apple offers its users the ability to locate lost iPhone, share WiFi passwords and even use the AirDrop function to send files to other devices that are nearby? Well, from now on you will have to be very cautious when using these tools because you could be in danger.
A newly published report confirms how it would be perfectly possible for an experienced hacker to take advantage of the mentioned functions to get a good collection of personal and private data of users, including complete telephone numbers.
How Would the Attack be carried out?
As revealed in the video, the fact that the Bluetooth system is activated can offer a great deal of information. We speak, for example, of data linked to the device, names, information about if the WiFi is activated or not, what operating system is being used and specific percentages of the remaining battery level.
The point is that using the Apple AirDrop system or WiFi to share passwords generates the transmission of a so-called ‘partial cryptographic hash’. This, and always through the action of experienced hackers, can convert and reveal complete phone numbers of an iPhone.
If it was a Mac that transmitted information, the static address of Mac could also be revealed, which usually serves as the unique identifier of a device.
A Problem in Public Places
Experts believe that this may not be a serious problem (we talk about the disclosure of complete telephone numbers) if this information were transmitted in known and more or less secure environments, such as homes, offices, and centers where device owners often know each other.
The thing does not look so good in other environments, such as public places, such as airports, bars or shops. The truth is that the hacker needs to have a vast knowledge of hacking; it would be perfectly possible to gather information from a good number of devices in the Apple house, as long as they had the Bluetooth Low Energie (BLE) turned on.
Researchers who have discovered this problem, and who are part of the security firm Hexway, have explained that only the first three bytes of the hash is transmitted. Technically we would be talking about very little information, but experts confirm that this would be enough for a hacker to get to recover a complete phone number.
Through tests carried out by other professionals, in just one or two minutes, information was collected from more than a dozen iPhones and Apple Watch that were within range.
It is a bill that users of this type of service pay for the ease and convenience of transmitting their data wirelessly. However, many have chosen to disable these functions and protocols, to preserve, as far as possible, their privacy.