Researchers Claim Apple Was Aware of AirDrop User Identification and Tracking Risks Since 2019

Security researchers had reportedly alerted Apple about vulnerabilities in its AirDrop wireless sharing feature back in 2019.
According to these researchers, Chinese authorities recently exploited these vulnerabilities to track users of the AirDrop function.
This case has raised concerns about global privacy implications.
Pro-democracy activists in Hong Kong have previously used AirDrop, leading to Chinese authorities cracking down on the feature.
Beijing-based Wangshendongjian Technology claimed to have compromised AirDrop, collecting basic identifying information such as device names, email addresses, and phone numbers.
Despite Chinese officials presenting this as an effective law enforcement technique, there are calls for Apple to take swift action.
US lawmakers, including Florida Sen. Marco Rubio, have expressed concern about the security of Apple's AirDrop function, calling on the tech giant to act promptly.
Apple has not responded to requests for comments on the matter.
Researchers from Germany's Technical University of Darmstadt, who identified the flaws in 2019, stated that Apple received their report but did not act on the findings.
The researchers proposed a fix in 2021, which Apple has allegedly not implemented.
The Chinese claim has raised alarms among US lawmakers, emphasizing the need for Apple to address security issues promptly.
Critics argue that Apple's inaction may be exploited by authoritarian regimes, highlighting the broader implications of tech companies' relationships with such governments.
The Chinese tech firm's exploitation of AirDrop apparently utilized techniques identified by the German researchers in 2019.
Security experts emphasize that while AirDrop's device-to-device communication is generally secure, users may be vulnerable if they connect with a stranger or accept unsolicited connection requests.
The lack of salting in the encryption process makes it easier for unauthorized parties to decipher the exchanged data.
The tech firm behind the AirDrop exploit has a history of collaboration with Chinese law enforcement and security authorities.
The intentional disclosure of the exploit by Chinese officials may serve various motives, including discouraging dissidents from using AirDrop.
Experts suggest that Apple may now face challenges in fixing the issue due to potential retaliation from Chinese authorities, given the company's significant presence in the Chinese market.
The hack revelation could also provide China with leverage to compel Apple's cooperation with security or intelligence demands.


This Cyber News was published on www.cysecurity.news. Publication date: Sun, 14 Jan 2024 17:43:04 +0000


Cyber News related to Researchers Claim Apple Was Aware of AirDrop User Identification and Tracking Risks Since 2019

Researchers Claim Apple Was Aware of AirDrop User Identification and Tracking Risks Since 2019 - Security researchers had reportedly alerted Apple about vulnerabilities in its AirDrop wireless sharing feature back in 2019. According to these researchers, Chinese authorities recently exploited these vulnerabilities to track users of the AirDrop ...
10 months ago Cysecurity.news
China warns of AirDrop de-anonymization flaw The Register - In June 2023 China made a typically bombastic announcement: operators of short-distance ad hoc networks must ensure they run according to proper socialist principles, and ensure all users divulge their real-world identities. The announcement targeted ...
10 months ago Go.theregister.com
China Says State-Backed Experts Crack Apple's AirDrop - Chinese state-backed experts have found a way to identify people who use Apple's encrypted AirDrop messaging service, according to the Beijing municipal government. AirDrop allows users to send content to Apple devices in close proximity without an ...
10 months ago Securityweek.com
Check Point Research Unfolds: Navigating the Deceptive Waters: Unmasking A Sophisticated Ongoing NFT Airdrop Scam - Sophisticated Scam Targeting Token Holders: Over 100 popular projects' token holders targeted with fake NFT airdrops appearing from reputable sources. Multi-Stage Deception Uncovered: The ongoing Scam involves enticing victims to fraudulent websites ...
10 months ago Blog.checkpoint.com
Apple AirDrop Hacked by China to Gain Access to Private Info - AirDrop was introduced in iOS 7, which allows Apple users to transmit files between iOS and macOS systems. This does not require an internet connection or a phone book contact for the receiver to receive files. It has been reported that malicious ...
10 months ago Gbhackers.com
China claims it cracked Apple's AirDrop to find numbers, email addresses - A Chinese state-backed research institute claims to have discovered how to decrypt device logs for Apple's AirDrop feature, allowing the government to identify phone numbers or email addresses of those who shared content. China has a long history of ...
10 months ago Bleepingcomputer.com
China Cracks Apple Private Protocol - The Beijing Bureau of Justice claims it can trace senders of Apple AirDrop messages. Chinese protesters have been using this iPhone protocol to privately spread memes of dissent against the regime. As it turns out, AirDrop isn't as anonymous as they ...
10 months ago Securityboulevard.com
Does Less Consumer Tracking Lead to Less Fraud? - Authors Bo Bian, Michaela Pagel and Huan Tang investigated the relationship between the rollout of Apple's App Tracking Transparency and reports of consumer financial fraud. By default, Apple's ATT opted all iPhone users out of tracking, which meant ...
11 months ago Eff.org
Lost and found: How to locate your missing devices and more - Physical trackers are small, circular or square-shaped objects that use simple replaceable batteries to remain charged for a long time. For travelers going around with luggage on trains and planes, there have been times when they come in really handy ...
10 months ago Welivesecurity.com
Apple 'Find My' network can be abused to steal keylogged passwords - Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards. The Find My network and application is designed to help users locate lost or misplaced ...
11 months ago Bleepingcomputer.com
Superconductor Claim 'Baseless' Experts - 'Breakthrough' claim by South Korean researchers of a room-temperature superconductor dismissed by reviewing experts. Doubts about a breakthrough claim earlier this year by a group of South Korean researchers appear to be justified, after experts ...
11 months ago Silicon.co.uk
Lost in Translation: Mitigating Cybersecurity Risks in Multilingual Environments - With increased connectivity and linguistic diversity comes a new set of cybersecurity risks. This article will delve into the unique cybersecurity challenges in multilingual environments, focusing on solutions and best practices to mitigate such ...
11 months ago Cyberdefensemagazine.com
macOS Malware Mix & Match: North Korean APTs Stir Up Fresh Attacks - North Korean advanced persistent threat groups are mixing and matching components of two recently unleashed types of Mac-targeted malware to evade detection and fly under the radar as they continue their efforts to conduct operations at the behest of ...
11 months ago Darkreading.com
Without Interoperability, Apple Customers Will Never Be Secure - Every internet user should have the ability to privately communicate with the people that matter to them, in a secure fashion, using the tools and protocols of their choosing. Apple's iMessage offers end-to-end encrypted messaging for its customers, ...
11 months ago Eff.org
Researchers Uncover Simple Technique to Extract ChatGPT Training Data - Can getting ChatGPT to repeat the same word over and over again cause it to regurgitate large amounts of its training data, including personally identifiable information and other data scraped from the Web? The answer is an emphatic yes, according to ...
11 months ago Darkreading.com
Researchers extract RSA keys from SSH server signing errors - A team of academic researchers from universities in California and Massachusetts demonstrated that it's possible under certain conditions for passive network attackers to retrieve secret RSA keys from naturally occurring errors leading to failed SSH ...
11 months ago Bleepingcomputer.com
Days After Google, Apple Reveals Exploited Zero-Day in Browser Engine - Apple has patched an actively exploited zero-day bug in its WebKit browser engine for Safari. Actively Exploited Apple yesterday described the vulnerability as something an attacker could exploit to execute arbitrary code on affected systems. ...
9 months ago Darkreading.com
Essential Tips for Claiming Cyber Insurance Coverage - In an era dominated by digital transactions and interconnected networks, the importance of cyber insurance cannot be overstated. Cybersecurity threats loom large, making it crucial for businesses to not only invest in robust preventive measures but ...
11 months ago Cybersecurity-insiders.com
How to Do a Risk Analysis Service in a Software Project - Software projects are vulnerable to countless attacks, from the leak of confidential data to exposure to computer viruses, so any development team must work on an effective risk analysis that exposes any vulnerabilities in the software product. A ...
11 months ago Feeds.dzone.com
Big Tech to EU: "Drop Dead" - There's just one wrinkle: the Big Tech companies don't want that future, and they're trying their damndest to strangle it in its cradle. Right from the start, it was obvious that the tech giants were going to war against the DMA, and the freedom it ...
6 months ago Eff.org
16 top ERM software vendors to consider in 2024 - Enterprise risk management software helps organizations identify, mitigate and remediate business risks, which can lead to improved business performance. The risk management market is rapidly evolving from separate tools across different risk domains ...
10 months ago Techtarget.com
Apple To Drop Sensor From Some Watch Models - Redesign plan to remove blood-oxygen sensor on certain Apple Watch models is dependent on an appeal court decision. Apple is reportedly prepared to remove the blood-oxygen sensor from certain Apple Watch models, depending on a court decision. The ...
10 months ago Silicon.co.uk
How to Stop Advertisers From Tracking Your Teen Across the Internet | Electronic Frontier Foundation - At 13, children transition abruptly between two extremes—from potential helicopter parental surveillance to surveillance advertising that connects their online activity and search history to marketers serving targeted ads. The Children’s Online ...
1 month ago Eff.org
What Are the 6 Types of Risk Assessment and How Do They Work? - Risk assessment is a tool used to help quantify potential risks in a certain situation. It can be used in many different scenarios, including business operations, financial decisions, and also cybersecurity. A risk assessment helps you identify areas ...
1 year ago Thehackernews.com
Meta AI Models Cracked Open With Exposed API Tokens - Researchers recently were able to get full read and write access to Meta's Bloom, Meta-Llama, and Pythia large language model repositories in a troubling demonstration of the supply chain risks to organizations using these repositories to integrate ...
11 months ago Darkreading.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)