Some new details are also emerging about how China can obtain the phone numbers and email addresses of people transferring banned files in the country via AirDrop.

Why has China turned its attention to AirDrop?

The AirDrop service is designed to share files between Apple devices. The technology in its usual state should leave only the name of the smartphone available (which you can change yourself). Your Apple ID and its associated contact information (phone number and email address) should not be shared.

This has made the technology attractive to anti-government activists participating in protests against the Chinese government. For example, AirDrop is widely used in Hong Kong to deliver information about dates, times and locations of upcoming demonstrations.

Chinese authorities want to identify and punish those who spread anti-government material.

Hacking AirDrop

9 January agency Bloomberg reports that a government agency cracked AirDrop’s encryption, revealing the identities of file senders. Macworld has managed to recreate some of what it suspects was done.

We ran the console on our Mac and sent it a file from the iPhone, in the console log we found that the “sharing” operation was responsible for AirDroping. It includes a special subprocess called “AirDrop”, but many other subprocesses were also active when the file was transferred. In one of the sub-processes we found the name of our iPhone and the strength of the Bluetooth signal. The “AirDrop” subprocess actually stores hashes of iPhone email and phone numbers, but we couldn’t access the plaintext,
– write researchers.

Although they couldn’t crack hash sums of personal data, Chinese hackers managed to do it just fine: “Although they are stored as hashes, they are fairly easy to decrypt: a phone number consists only of digits and is easy to crack with a brute force attack. Attackers guess common pseudonym structures for emails and then search dictionaries for possible matches of emails with data leaks.” databases”– added authors of the site.

Apple has known about this vulnerability since 2019

The report states that security researchers have long warned Apple about the risks of encoding phone numbers and email addresses in this way and sending them to a receiving device. These warnings date back to at least 2019.

One of them was Alexander Heinrich from the Technical University of Darmstadt, who informed Apple about this in 2021:

We discovered two flaws in the underlying protocol that allow attackers to learn the phone numbers and email addresses of both sending and receiving devices.
– he wrote then.

The researcher says Apple addressed this issue while developing iOS 16, but it seems didn’t solve the problem.

One possible reason for this is that switching to a more secure version of the AirDrop protocol (such as PrivateDrop proposed by Heinrich and his team) is incompatible with the older version. This means AirDrop will no longer work when transferring data to older devices that cannot run the latest iOS versions.

Now that this vulnerability is being actively used by China to detect enemies of the government, it appears to be the lesser of two evils, given the extremely high risks.