Apple's AirDrop is undeniably handy for sending photos, videos, links, and more between iPhones, iPads, and Macs. But there's one thing you probably didn't know that AirDrop shared: part of your phone number, which in the wrong hands, can be used to recover the full numbers.
Security researchers at Hexway (via Ars Technica) have detected a "bug" in AirDrop that can be used to obtain unsuspecting iPhone users' phone numbers using software installed on a laptop and a Bluetooth and WiFi adapter to sniff them out.
Because of the way AirDrop works – it uses Bluetooth LE (Low Energy) to create a peer-to-peer WiFi network between devices for sharing ̵
More serious is If you use Apple's WiFi password sharing feature, you expose hashed parts of your phone number, but also your Apple ID and email address.
Now, although AirDrop's only brilliant partial hashish – aka some numbers and letters that are encrypted (Hexway says only the "first 3 bytes of hashish" have been sent) – the researchers concluded that it is "enough to identify your phone number" if anyone really wanted to.
researchers shared one scenario where a hacker could secretly sniff out iPhone users' phone numbers:
– Create a database of SHA256 (phone number): phone number for their region; for Los Angeles, for example. (+ 1-213-xxx-xxxx, + 1-310-xxx-xxxx, + 1-323-xxx-xxxx, + 1-424-xxx-xxxx, + 1-562-xxx -xxxx, + 1-626 -xxx-xxxx, + 1-747-xxx-xxxx, + 1-818-xxx-xxxx, + 1-818-xxx-xxxx)
– Run a special script on your laptop and take a subway train
– When someone tries to use AirDrop, get the sender's phone number hash
– Restore the phone number from hash
– Contact the user in iMessage; the name can be obtained using TrueCaller or from the device name, as it often contains a name, such as John's iPhone).
Errata Security CEO Rob Graham confirmed to Ars Technica Hexway's software, shared to GitHub, actually works. "It's not too bad, but it's still a bit scary that people can get status information and it's bad to get the phone number."
Scary when this "error" appears, it is very unlikely that someone will go through these lengths to recover your phone number. Hexway's scientists even admit that the shared information – and we can't stress this enough – information is a must for how AirDrop works.
"This behavior is more a function of ecosystem work than vulnerability," Hexway reports. The researchers further explained that they "discovered this behavior in iOS versions from 10.3.1 (including iOS 13 beta)."
Scary when this "error" appears, it is very unlikely that someone will go through these lengths to recover your phone number.
However, older iPhones, pre-iPhone 6S, appear to be safe based on their findings.
"Old devices (like all pre-iPhone 6s) do not send Bluetooth LE messages continuously even though they have an updated OS version," Hexway reports. "They only send a limited number of messages (for example, when navigating to the Wi-Fi settings menu), probably Apple is doing it to save power on old devices."
So, how can you stop potential snoopers from sniffing out Bluetooth information? Turn off Bluetooth. Yes, that means you won't be able to connect AirPods or an Apple Watch to your iPhone, but if that's what will help you sleep at night, it's the only option.
We have contacted Apple to comment on Hexway's security findings and will update this story if we receive an answer.