Security researchers had reportedly alerted Apple about vulnerabilities in its AirDrop wireless sharing feature back in 2019.
According to these researchers, Chinese authorities recently exploited these vulnerabilities to track users of the AirDrop function.
This case has raised concerns about global privacy implications.
Pro-democracy activists in Hong Kong have previously used AirDrop, leading to Chinese authorities cracking down on the feature.
Beijing-based Wangshendongjian Technology claimed to have compromised AirDrop, collecting basic identifying information such as device names, email addresses, and phone numbers.
Despite Chinese officials presenting this as an effective law enforcement technique, there are calls for Apple to take swift action.
US lawmakers, including Florida Sen. Marco Rubio, have expressed concern about the security of Apple's AirDrop function, calling on the tech giant to act promptly.
Apple has not responded to requests for comments on the matter.
Researchers from Germany's Technical University of Darmstadt, who identified the flaws in 2019, stated that Apple received their report but did not act on the findings.
The researchers proposed a fix in 2021, which Apple has allegedly not implemented.
The Chinese claim has raised alarms among US lawmakers, emphasizing the need for Apple to address security issues promptly.
Critics argue that Apple's inaction may be exploited by authoritarian regimes, highlighting the broader implications of tech companies' relationships with such governments.
The Chinese tech firm's exploitation of AirDrop apparently utilized techniques identified by the German researchers in 2019.
Security experts emphasize that while AirDrop's device-to-device communication is generally secure, users may be vulnerable if they connect with a stranger or accept unsolicited connection requests.
The lack of salting in the encryption process makes it easier for unauthorized parties to decipher the exchanged data.
The tech firm behind the AirDrop exploit has a history of collaboration with Chinese law enforcement and security authorities.
The intentional disclosure of the exploit by Chinese officials may serve various motives, including discouraging dissidents from using AirDrop.
Experts suggest that Apple may now face challenges in fixing the issue due to potential retaliation from Chinese authorities, given the company's significant presence in the Chinese market.
The hack revelation could also provide China with leverage to compel Apple's cooperation with security or intelligence demands.
This Cyber News was published on www.cysecurity.news. Publication date: Sun, 14 Jan 2024 17:43:04 +0000