Chinese security firm claims it can see encrypted AirDrop data using a flaw that has existed since 2019
Encrypted or not?
AirDrop’s encrypted security features that allow users to transfer files without revealing the sender’s contact details have become increasingly popular in China, but one state-backed Chinese firm claims it can identify users.
This has been developed as part of the Chinese government in an effort to crackdown on activists and other citizens using AirDrop to send information without government tracking. AirDrop was heavily used during the 2019 protests in Hong Kong to share information and pro-democracy slogans without police intervention.
The firm told Bloomberg, “It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences”
A security flaw?
This workaround is possible by using log data for AirDrop from the recipient and sender’s iPhones. AirDrop sends this information in hash values, making it almost impossible to decrypt. Macworld has done further research into the claim, detailing that “the security company has found a method to convert these hash values into readable text.”
Macworld added, “We can confirm parts of this claim. We launched the console on our Mac and AirDropped a file to it from an iPhone, discovering from the console log data that the “sharing” process is responsible for AirDrop. This contains a dedicated sub-process called “AirDrop,” but several other sub-processes were also active during the file transfer. We found the name of our iPhone in one of the sub-processes, along with the strength of the Bluetooth signal.”
“The “AirDrop” sub-process actually stores the hash values for the email and phone number belonging to the contacted iPhone, but we were unable to access the plain text.”
If you’d like to see exactly how this process works, head to Macworld’s article which has screenshots to show that these claims from China are seemingly accurate.
Master your iPhone in minutes
iMore offers spot-on advice and guidance from our team of experts, with decades of Apple device experience to lean on. Learn more with iMore!
Apple has yet to comment on the existence of the flaw but it will be interesting to see if Apple opts to shut this workaround down in favor of angering the Chinese government.
More from iMore
John-Anthony Disotto is the How To Editor of iMore, ensuring you can get the most from your Apple products and helping fix things when your technology isn’t behaving itself. Living in Scotland, where he worked for Apple as a technician focused on iOS and iPhone repairs at the Genius Bar, John-Anthony has used the Apple ecosystem for over a decade and prides himself in his ability to complete his Apple Watch activity rings. John-Anthony has previously worked in editorial for collectable TCG websites and graduated from The University of Strathclyde where he won the Scottish Student Journalism Award for Website of the Year as Editor-in-Chief of his university paper. He is also an avid film geek, having previously written film reviews and received the Edinburgh International Film Festival Student Critics award in 2019. John-Anthony also loves to tinker with other non-Apple technology and enjoys playing around with game emulation and Linux on his Steam Deck.
In his spare time, John-Anthony can be found watching any sport under the sun from football to darts, taking the term “Lego house” far too literally as he runs out of space to display any more plastic bricks, or chilling on the couch with his French Bulldog, Kermit.