Chinese police have managed to crack the security protocol surrounding AirDrop. This allows them to find out the location, telephone number and email address of a user as soon as they share something via AirDrop.
AirDrop cracked: not so anonymous
Sharing content via AirDrop isn’t as anonymous as you might think. Beijing police have managed to identify the sender of unwanted AirDrop requests from iPhone logs – including phone number and email address.
Police officers have already identified several suspects in this way, according to Chinese authorities. The method should ultimately simplify it to ‘prevent the spread of inappropriate expressions and possible bad influences’.
AirDrop as a protest in China
The pro-democracy movement in Hong Kong and China has been using AirDrop for years to send protest posters and slogans directly to nearby iPhones. Because AirDrop works even without an internet connection, it cannot be monitored with “standard network monitoring tools,” according to the Chinese government. The new technology for identifying senders is very important for China. The announcement therefore seems intended to discourage the protest movement from continuing to use AirDrop.
For AirDrop, Apple relies on a security mechanism that has been criticized for some time. If you’re signed in to iCloud, the operating system creates a so-called “AirDrop identity” when you activate the service. This is exchanged with other nearby devices when you send something via AirDrop. This allows an iPhone, iPad or Mac to determine whether the sender and recipient know each other, because they are in each other’s contacts. AirDrop identity is based on the phone numbers and email addresses stored for the Apple ID.
Eavesdropping method was known before
Researchers already warned several years ago that personal data can be retrieved via AirDrop. The AirDrop identity is already sent when you open the Share menu.
According to the report from China, police rely on tables to determine the original string masked by the AirDrop identity. To do this, police will most likely need to have full access to the iPhone that received files via AirDrop. So you’re safe for now.