AirDrop bugs expose Apple users’ email addresses, phone numbers

A team of academics from a German university said it discovered two vulnerabilities that can be abused to extract phone numbers and email addresses from Apple’s AirDrop file transfer feature.

The two bugs reside in the authentication process during the initial phase of an AirDrop connection, where devices try to discover each one another and determine if they belong to users who know each other (by checking if a device/user’s phone number is in the other device’s contacts list).

Under the hood, the Apple devices exchange AWDL (Apple Wireless Direct Link) packets that contain information about the devices and their owners, such as technical specs and personal data, including phone numbers, Apple IDs, or email addresses.

Read more…
Source: The Record