In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world identities.
The announcement targeted techs like running Wi-Fi hotspots from smartphones and Apple's AirDrop, as they both allow the operation of peer-to-peer networks that are hard for Beijing to observe.
Protestors reportedly used AirDrop to share anti-government material during China's long and strict COVID-19 lockdowns.
China understands that Apple considers AirDrop's peer-to-peer links are a feature, not a bug.
Chinese netizens know they're being watched in the name of national security, and many welcome it.
Which is why Chinese authorities last week admitted that the use of AirDrop is considered problematic after police previously found inappropriate material being shared on the Beijing subway using the protocol.
Chinese netizens are therefore on notice that their attempts to shire material critical of Beijing can be observed.
Those netizens know the consequences of being caught are nasty.
Infosec academic Matthew Green analyzed the post, and research on AirDrop published in 2019 by academics from TU Darmstadt, and concluded the protocol is leaky and the Institute's assertions are entirely plausible - if an Apple ID or phone number can be guessed by an attacker.
I. The extent of surveillance in China means gathering candidate info would not be vastly difficult.
Green's post details ways in which actors could create lists of target credentials.
AirDrop users are therefore at risk, in China, or anywhere else.
Green then speculated that even if Apple can fix the issue, it might not want to given it earns around 20 percent of its revenue in China, which in 2023 discouraged use of the iPhone by government employees.
This Cyber News was published on go.theregister.com. Publication date: Mon, 15 Jan 2024 03:13:20 +0000