THE AirDrop it is not one of the most popular iOS / macOS features, but it can certainly be one of the most convenient. As easy as it is to send photos, videos and other types of media between different devices via AirDrop, the protocol used to activate these wireless transmissions can contain some serious flaws.
A new survey released by Ars Technica revealed that the network protocol used in AirDrop / AirPlay, called Apple Wireless Direct Link (AWDL), can leave users susceptible to a series of attacks of the type man-in-the-middle (MitM).
Although Apple takes steps to protect users from these loopholes in its network protocols, some security researchers have found that it is not very difficult to get around Apple’s barriers, as seen in the following video:
Briefly, when someone uses AirDrop to share a file or image, the device transmits a hash which is picked up by other nearby devices, which may partially reveal your phone number.
If the user uses AirDrop to share a Wi-Fi password, the device will send even more codes hash, which may also include your email address and Apple ID.
Although only the three numbers / letters are shown in the hash, the researchers said that this data provides enough information for a hacker to discover the full phone number, for example, from a database for each phone number in a given region.
It is worth noting that this is a side effect of Apple’s AWDL protocol, not really an error / flaw that must be corrected by the company – what Apple does is to make it difficult for these loopholes to be widely used against users.
If you worry too much about this type of breach, the most recommended solution is to define AirDrop availability only for your contacts: Settings »General» AirDrop »Contacts Only. This will ensure that you are seen only by people you trust and for a short period of time.