China’s government has recently unveiled a significant development in its ability to expose the identities of Apple device owners utilizing the popular AirDrop feature.
The wireless sharing protocol, previously considered a secure means for activists and dissidents to communicate anonymously, now faces scrutiny as a Chinese institute in Beijing claims to have decrypted iPhone logs, revealing the email addresses and phone numbers of users engaged in AirDrop communications.
According to information shared on a Chinese government website, the institute discovered that Apple stores crucial user details, including device names, email addresses, and phone numbers, in encrypted log files.
By employing an advanced rainbow table—a reverse hash table—the institute successfully accessed and analyzed records extracted from phones provided by law enforcement, exposing the identities of individuals involved in AirDrop exchanges.
The Chinese government asserts that law enforcement has successfully identified “multiple suspects” through this method, prompting questions about Apple’s response to the identified security flaw. It remains uncertain whether the tech giant plans to release a patch addressing the vulnerability.
As reported by Media in 2022, Apple had already taken measures to limit the capabilities of AirDrop in China with the iOS 16.1.1 update. Previously, users could receive files from anyone, their contacts, or no one at all. However, the first option was restricted to a 10-minute window, a limitation later expanded globally to all iPhone models.
The detection method outlined by the Chinese government implies a necessity for both the sender’s and receiver’s smartphones to confirm user identities. AirDrop, designed for wireless data transfer between Apple devices without an Internet connection, operates without the need for devices to be on the same Wi-Fi network.
This vulnerability, if not addressed by Apple, could potentially allow the government to monitor transfers that would otherwise be challenging to track, as they occur without Internet access.
In light of these developments, Apple users may need to reconsider their reliance on AirDrop for secure and anonymous communications, as the company evaluates potential security updates to safeguard user privacy.