Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label AirDrop. Show all posts

Researchers Claim Apple Was Aware of AirDrop User Identification and Tracking Risks Since 2019

Security researchers had reportedly alerted Apple about vulnerabilities in its AirDrop wireless sharing feature back in 2019. According to these researchers, Chinese authorities recently exploited these vulnerabilities to track users of the AirDrop function. This case has raised concerns about global privacy implications.

The Chinese government allegedly used the compromised AirDrop feature to identify users on the Beijing subway accused of sharing "inappropriate information." The exploit has prompted internet freedom advocates to urge Apple to address the issue promptly and transparently. Pro-democracy activists in Hong Kong have previously used AirDrop, leading to Chinese authorities cracking down on the feature.

Beijing-based Wangshendongjian Technology claimed to have compromised AirDrop, collecting basic identifying information such as device names, email addresses, and phone numbers. Despite Chinese officials presenting this as an effective law enforcement technique, there are calls for Apple to take swift action.

US lawmakers, including Florida Sen. Marco Rubio, have expressed concern about the security of Apple's AirDrop function, calling on the tech giant to act promptly. However, Apple has not responded to requests for comments on the matter.

Researchers from Germany's Technical University of Darmstadt, who identified the flaws in 2019, stated that Apple received their report but did not act on the findings. The researchers proposed a fix in 2021, which Apple has allegedly not implemented.

The Chinese claim has raised alarms among US lawmakers, emphasizing the need for Apple to address security issues promptly. Critics argue that Apple's inaction may be exploited by authoritarian regimes, highlighting the broader implications of tech companies' relationships with such governments.

The Chinese tech firm's exploitation of AirDrop apparently utilized techniques identified by the German researchers in 2019. Experts point out that Apple's failure to add an extra layer of security, known as "salting," allowed the unauthorized access of device-identifying information.

Security experts emphasize that while AirDrop's device-to-device communication is generally secure, users may be vulnerable if they connect with a stranger or accept unsolicited connection requests. The lack of salting in the encryption process makes it easier for unauthorized parties to decipher the exchanged data.

Following the Chinese claim, Senator Ron Wyden criticized Apple for a "blatant failure" to protect users, emphasizing the four-year delay in addressing the security hole in AirDrop. The tech firm behind the AirDrop exploit has a history of collaboration with Chinese law enforcement and security authorities.

The intentional disclosure of the exploit by Chinese officials may serve various motives, including discouraging dissidents from using AirDrop. Experts suggest that Apple may now face challenges in fixing the issue due to potential retaliation from Chinese authorities, given the company's significant presence in the Chinese market. The hack revelation could also provide China with leverage to compel Apple's cooperation with security or intelligence demands.

Apple's AirDrop Comes with a Security Flaw

 

Due to its intriguing features, the much-hyped announcement of AirDrop at the Apple event drew a lot of attention. However, it has recently been discovered that AirDrop has a security loophole that allows users to see personal information such as email addresses and phone numbers. This may result in a data leak affecting over 1.5 billion Apple users, as well as other security concerns. 

According to a study citing researchers from Germany's Technische Universitat Darmstadt, everyone can reach Apple users' email addresses and phone numbers, even if they are strangers, by simply opening the sharing pane on the smartphone and initiating the sharing process. A secure Wi-Fi link and proximity between the two Apple devices are needed to complete this task. 

The researchers discovered a flaw in the Contacts Only setting. You use the iOS Sharing function and choose AirDrop as the method to share a file with anyone via AirDrop. If the other person's AirDrop is set to Contacts Only, Apple must check to see if you're on their contact list. The corporation does this by comparing the contact number and email address to entries in the other person's address book. 

Apple uses a hashing feature to obfuscate your phone number and email address during this process to keep it secure. However, university researchers have already found that this hashing would not effectively preserve the data's privacy. 

“As an attacker, it is possible to learn the phone numbers and email addresses of AirDrop users—even as a complete stranger," the researchers said in the report. "All they require is a Wi-Fi-capable device and physical proximity to a target that initiates the discovery process by opening the sharing pane on an iOS or macOS device.”

The researchers said they developed their own approach, called "PrivateDrop," to replace the insecure AirDrop design. Without needing to swap the insecure hash values, PrivateDrop can easily and safely verify whether you're in a fellow iPhone user's contact list using optimised cryptographic protocols. PrivateDrop is available for third-party review on GitHub.

For the time being, the researchers recommend that users disable AirDrop. To do so on an iPhone or iPad, go to Settings, General, and then press the AirDrop entry. Select Receiving Off from the drop-down menu.

Cyber Flashing- Another Horrendous Way of Sexual Assault Via The Internet!


Of all the horrible things a pervert could do using the cyber means, Cyber Flashing is by far the most debauching and harassing of all.

For all those who aren’t well aware of this concept, cyber flashing is like every other form, a highly disgusting method of “image-based sexual abuse”.

This technology backed crime doesn’t stand on a particular pedestal as to the legality of it hence, the fact that people don’t know much about it let alone it being a crime.

You may be sitting somewhere in peace and quiet, supposedly on a much-wanted vacation cruising your lazy fingers on your phone and Bam! A stranger’s genitals cover your phone screen via an AirDrop file.

The initial shock, getting grossed out and the eventual sickening feeling you get is all well understood. Because the moment you try to close the file it only gets sent, again and again, a good number of times.

The nastiest part about this is that the person who sent it to you could be sitting close by, watching you see their nether regions and could be taking some sort of nauseating pleasure out of it.

According to several polls and researches, in England, Scotland and Wales combined, 40 percent of the women have, in one form or the other experienced cyber-flashing by having received repulsively uncalled for pictures of male private parts.


Disappointingly enough, notwithstanding the pervasiveness of the situation not many governments have special legal provisions to contend with cyber-flashing. Several countries’ existing laws don’t cover the subject wholly and only in the light of “sexual harassment or communication”.

Nevertheless, Scotland, Singapore and the American state of Texas did get something done for this but only under the pressure of women’s rights campaigns.

In the years that have passed, groups have suggested pretty fervently the need for the introduction of a new law that solely focuses on “image-based sexual abuse” and legally forbids cyber-flashing.
But it never had a toll on the government and the recommendations got rejected.

Contemplating over the severity of the not-at-all trivial crime and the neglect it has undergone in terms of its legal consequences is desperately needed to frighten away any potential partakers.

The degenerates require getting this into their head that sending someone an unsolicited picture of their genitals is simply not okay and that they can be legally punished for it.

Cyber-flashing could seriously distress the receivers and make them think that they are not safe even in public spaces. It also empowers men to accept the anonymous nature of the ill-act and just show off their genitals, without the fear of getting immediately caught.
Women need to be emboldened about fighting back against it.

Moreover, girls and women need to know that these “dick-pics” are definitely not imprudent tries at flirting and the men need to understand that this is not a pathway of getting nudes in return or appallingly enough, some twisted way of showing off.

The current laws need to keep up with the expeditious changes in technology. Also, how people embrace the ill-usages of it especially for harassment and sexual abuse.