Apple, you've AirDrop'd the ball: Academics detail ways to leak contact info of nearby iThings for spear-phishing

Apple's AirDrop has a couple of potentially annoying privacy weaknesses that Cupertino is so far refusing to address even though a solution has been offered. A bug-hunting team at Technische Universität Darmstadt in Germany reverse engineered AirDrop – iOS and macOS's ad-hoc over-the-air file-sharing service – and found that …

  1. Pascal Monett

    Quite a feat

    Reverse-engineering a comms protocol to uncover a privacy-invading bug, that's some impressive work.

    Finding a solution when the vendor says there isn't one, that is downright awesome.

    Go Team Darmstadt !

    1. FlamingDeath

      Re: Quite a feat

      Put into context, it's easier to just get a pastebin db dump from compromised sites, plenty to choose from, and some mind-boggling huge datasets too.

      In any case, if someone is too muppet to turn off shit when it's not in use, stupid them.

      I've come to learn that nothing is secure, what is it now, 30+ years of 'computing' and we (they) still can't get it right?

      You know, the lock on your front door can be picked?

      Your car is not safe either, a window can be smashed.

      1. iron

        Re: Quite a feat

        Scan for Bluetooth devices in any office building (when such things exist again) and I guarantee you will see a dozen "xxxx's iPhone" pop up and probably a few Androids as well. The average user turns Bluetooth on so they can use their phone in the car and then never turns it off again. Even worse, the device name identifies who it belongs to in almost all cases. If you try explaining to them that is a security issue they will look at you as if you're wearing a sandwich board with "THE END IS NIGH!!!!" written on it.

        On a similar note, one of my neighbours tried to connect to my Nvidia Shield by Bluetooth recently. Why are they trying to connect to a device they don't know called SHIELD? It could be anything and clearly was not their device yet they tried to connect 6 times in an hour. Security? Viruses? They've maybe heard of them.

        1. Anonymous Coward

          Re: Quite a feat

          The average user leaves bluetooth on full stop. It talks to their watch, their computer, their speakers, their headphones, their car, tracking beacons, all sorts of things. It is useful and turning it on and off is a pain in the arse, especially when it will then stop things working without fucking about to turn it back on again.

          You can see a device and a name, ok, now what? There is no added security risk there beyond any potential bluetooth vulnerability. (or are you a hitman looking for your target?) Do you turn off wifi all the time as well? What about the actual cellular connection? All making the attack surface bigger. It's a trade off, something too many security professionals don't seem to grasp properly.

          Enjoy your sandwich board.

  2. FlamingDeath

    1. D@v3

      defeating encryption

      I've been doing some studying recently, and from more than one source I have seen references to a 'rubber hose attack' which can be effective in defeating encryption.

      Makes me think of that xkcd, which in turn, makes me chuckle.

      1. Anonymous Coward

        Re: defeating encryption

        Rubber hose cryptography is a very real thing. I've never understood why XKCD references a wrench rather than a length of hose though.

  3. Anonymous Coward

    The boss' phone

    > it could be a boss's office phone number, for example

    For AirDrop to work the recipient has to manually accept the file. Accepting a transfer request from your boss when you can't see your boss in the room would be pretty poor security hygiene.

    1. Anonymous Coward

      Re: The boss' phone

      It sounds like this exchange goes on before the recipient prompts for permission. Otherwise it wouldn't know that a transfer is requested.

      1. Anonymous Coward

        Re: The boss' phone

        > It sounds like this exchange goes on before the recipient prompts for permission. Otherwise it wouldn't know that a transfer is requested.

        Yes, that's correct.

        So the black hat sniffs the boss' phone at some prior encounter and is able to subsequently pretend to be the boss.

        Later, at the office, the black hat can pretend to be the boss and try and send further malware to an unsuspecting employee.

        Except that employee shouldn't be unsuspecting because they will receive a notification of an Airdrop from the boss but the boss isn't in the room.

        1. Graham Cobb

          Re: The boss' phone

          No, I think you misunderstand - the hack is happening before any transfer, which would prompt the user, is attempted (and, in fact, no transfer is ever attempted).

          The hacker guesses a boss's email and starts the AirDrop protocol with the employee's phone. It effectively sends "Hi, I'm Big Boss's phone - can we talk?". If the employee has previously used AirDrop with the boss, their phone replies "Hi, Big Boss - long time no talk. Fred's phone here. What can I do for you today?".

          At that point, the attacker knows the target's name is Fred (actually it knows their email). The attacker does not bother to continue the AirDrop engagement and the employee's phone never notifies Fred about it because the boss's phone never went on to actually ask for anything.

          Later, the attacker can spear-phish the employee with the typical email: "Hi. BigBoss here. Shit has hit the fan with our project: full emergency here! I have had to go to our Berlin office to sort something out and they need you to arrange an immediate payment of $50,000 to their bank account which is ...".

          The attack doesn't involve actually trying to send anything with AirDrop - the AirDrop weakness is just a way to gather information such as email addresses for later spear phishing attacks.

  4. Anonymous Coward

    > Unfortunately, Apple uses the 20-year-old SHA-256 algorithm to perform the hashing. Thus, it's possible to crack the SHA-256 hash of an AirDrop user's phone number and discover the original digits in milliseconds,

    Are they actually cracking the hash, or just brute-forcing the phone number until they get a matching hash?

    Because if they are brute-forcing the phone number then it doesn't matter what hash function is used. They will all be equally vulnerable.

    Could anybody point me to a link explaining how an SHA256 hash can be cracked in milliseconds?

    1. Paul Kinsler

      how an SHA256 hash can be cracked in milliseconds?

      I presume the task is greatly simplified since phone numbers consist only of digits.

      1. Anonymous Coward

        Re: how an SHA256 hash can be cracked in milliseconds?

        And a predictable number of digits. (it's a localised attack, so the local phone number format is highly likely)

      2. DS999

        Yes SHA256 is not the problem

        The fact the phone number is all digits and in a known format is clearly the real problem here, and there's no way to effectively encrypt it.

        What they could do is add some junk to the phone number to make reversing it a lot more difficult - let's say instead of sending just digits each digit was preceded by a random letter A-Z that told the number of junk characters that would follow (A=1, B=2 etc.) so you hash a much larger string removing the known format shortcut to reversing it, but it would still match the stored hash for that phone number on the other device. You'd add some junk at the end too so all numbers are the same length regardless of how much junk between the digits there is.

        Same thing for email, to avoid the "" type known plaintext problem.

        1. Anonymous Coward

          Re: Yes SHA256 is not the problem

          If you wanna go fast, make a rainbow table. Stupid easy for the space of valid phone numbers.

          Good news is with just a couple of clicks you can turn off Airdrop when you are not actually using it. And your Bluetooth was probably helping beacons track and spy on you anyway.

          Generally if people are airdropping stuff at you and not asking you with actual words, you might not want what they're sending anyway.

          ...unless you are collecting evidence of harassment for a lawsuit, in which case that dick pic they're trying to send may be the golden ticket to a generous out of court settlement.


    2. Androgynous Cupboard

      It's in the paper - I had the same question.

      They're just brute-forcing it, going through the entire keyspace, which takes "seconds on a PC". The "milliseconds" bit is because they're guessing that users in Austria have Austrian numbers, and then using what they know about Austrian numbers to reduce the search space.

      @DS999 adding noise isn't going to help here - it's a blind exchange, so both parties start with zero knowledge of each other. The only way to share information like _which_ noise to add is a public key exchange, which is a bit wordy (although I expect they'll have to go down this route now).

      Put another way, you can change the digit "3" for "super-diddlesticks" or add some sort of predefined function on the numbers, but you're still only working with 10^7 or however many possibilities. You'll always be able to search them exhaustively.

      Someone has to be within bluetooth range for this so I'll live with it I guess. But nice research, boffins!
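The keyspace point made in the two posts above, as an added example that is not part of the thread or the Darmstadt paper: enumerating a hypothetical 7-digit number format (a constructed assumption, not any real numbering plan) recovers the number from its SHA-256 whether or not a deterministic "junk" transform is applied, while the same enumeration against a keyed hash (HMAC, used here purely to illustrate why shared information is needed) fails without the key.

```python
import hashlib
import hmac
import secrets

# Constructed assumption: a hypothetical 7-digit local number format. The real
# candidate count depends on the local numbering plan, as the thread notes.
NUM_DIGITS = 7

def pad_digits(number: str) -> str:
    """Deterministic 'junk' transform in the spirit of the padding proposal:
    every digit is prefixed with a fixed marker. Anything both devices can
    compute without a shared secret, the enumerating attacker computes too."""
    return "".join("X" + d for d in number)

def sha256_hex(text: str) -> str:
    return hashlib.sha256(text.encode()).hexdigest()

def hmac_hex(key: bytes, text: str) -> str:
    """Keyed hash: the key stands in for the shared information the thread says
    a plain hash exchange lacks (illustrative only, not the paper's fix)."""
    return hmac.new(key, text.encode(), hashlib.sha256).hexdigest()

def candidates(num_digits: int = NUM_DIGITS):
    """Every zero-padded number of the assumed format: 10**num_digits values."""
    for n in range(10 ** num_digits):
        yield f"{n:0{num_digits}d}"

def recover_sha256(target_hex: str, transform=lambda s: s, num_digits: int = NUM_DIGITS):
    """Try each candidate in turn. The hash algorithm is irrelevant; only the
    candidate count bounds the work (10**7 SHA-256 calls is seconds on a PC)."""
    for cand in candidates(num_digits):
        if sha256_hex(transform(cand)) == target_hex:
            return cand
    return None

def recover_hmac(target_hex: str, key: bytes, num_digits: int = NUM_DIGITS):
    """Same enumeration against the keyed hash: succeeds only with the key."""
    for cand in candidates(num_digits):
        if hmac.compare_digest(hmac_hex(key, cand), target_hex):
            return cand
    return None

if __name__ == "__main__":
    number = "0004212"  # constructed sample, chosen low so the demo finishes fast
    print(recover_sha256(sha256_hex(number)))                            # 0004212
    print(recover_sha256(sha256_hex(pad_digits(number)), pad_digits))    # 0004212
    key = secrets.token_bytes(32)
    print(recover_hmac(hmac_hex(key, "042"), key, num_digits=3))         # 042
    print(recover_hmac(hmac_hex(key, "042"), secrets.token_bytes(32), 3))  # None
```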

    3. big_D

      They are brute forcing the hash to get the phone number.

  5. Anonymous Coward

    Researchers at Google's Project Zero found an iOS zero-click radio proximity exploit and published their work which included a fascinating deep-dive into how the network protocol works if you're interested in this sort of thing.

  6. chivo243

    Moot point if

    Airdrop actually worked like it says on the tin... I hear "Help me with Airdrop" at least once a week. I'd say it works one time in 10 times even with the same hardware. Nice work Apple!

    1. Anonymous South African Coward

      Re: Moot point if

      Fartdrop? AirBiscuitNetwork?
