Last week, I had cast about an AirDrop vulnerability that's being actively exploited in the wild.
This vulnerability isn't exactly new, and researchers had initially notified Apple's Product Security team of their concerns in 2019. This resurfaced because of recent reports on China actively exploiting it, with some details on how they're achieving this. The TL;DR is that if you're an iPhone user sending files using AirDrop, you're not doing so anonymously — identifiers tied to your Apple ID (i.e., your email address and phone number) are stored on other iPhone users' devices. Your Apple ID identifiers aren't just kept on the devices of people you transfer files to; they're stored far more liberally across devices in your vicinity.
AirDrop is commonly used in China to distribute material for peaceful protests, and China has leveraged this AirDrop vulnerability to crack down on demonstrations by identifying the participants.
For my Android users
I'm going to be inclusive here and help the non-iPhone readers catch up. AirDrop is an Apple-specific protocol that uses WiFi and Bluetooth to transfer stuff between two iOS devices. I primarily use this to share photos of my cats, but you can also use it to share PDFs, web URLs, contacts, etc quickly.
Another thing to note is that AirDrop can operate in two modes: Everyone or Contacts Only. If you have AirDrop set to Everyone mode, anyone within proximity can send you files via AirDrop.
Contacts Only mode is also pretty intuitive. When enabled, only users in your contacts will be able to send you files via AirDrop. Now, if you're privacy-minded, this may spark something in you. You might even be thinking, "How can some random iPhone user on the streets know that you're in their contacts without you telling them who you are?". And that's where the trouble lies.
Warning: if your AirDrop mode is set to Everyone, you will receive random genitalia pics at some point. It's pretty unavoidable.
How the AirDrop protocol works
Researchers at the Technical University of Darmstadt published a whitepaper on Apple's AirDrop and the design flaws back in 2021. In section 2.3, they breakdown the AirDrop protocol into these three phases:
The orange messages in the protocol diagram are where contact identifiers (i.e., the email address or phone number tied to your Apple ID) are leaked. But let's be a little more specific.
When a sender attempts to use AirDrop, their device will begin advertising itself to let other devices know they exist and would like to send files via AirDrop. The sender sends a shortened 2-byte identifier as part of the initial Discovery phase - 1a
in the protocol diagram. There are some privacy implications here, but we'll just brush past those and get to the juicer stuff.
If the receiver's AirDrop is set to Everyone mode, we could theoretically allow the transferring of files after performing some basic mutual authentication like TLS since anyone should be allowed to send files regardless of who they are. That's not super interesting, so let's talk about the Contacts Only mode.
When a receiver's AirDrop is set to Contacts Only mode, they will only accept files from people in their contacts. For identification purposes, the sender will create a fingerprint of their Apple ID — using a one-way hash function called SHA256 — and send over their hashed identifier to the receiver. A one-way hash function makes it fast and cheap to convert some input into a fingerprint, but given the fingerprint (aka the hash), it's expensive and slow to determine the original input. To see this in action, you can use an online SHA256 generator to generate the hash/fingerprint of any input instantly, but if I asked you to tell me what input created 1cfb9858623680349946660eef69a5fa0c16dcc3db8e447bad3363c60dc81c53
, it'll take infinitely longer—assuming the input search space is sufficiently large.
When an iPhone receives an Apple ID identifier hash via the AirDrop protocol to check if it matches with someone in their contacts, it logs that hash value. If you're at a coffee shop AirDropping cat pics to your friend, every iPhone in the coffee shop with AirDrop set to Contacts Only mode will receive and store a hashed version of your identifier—either your phone number or email address, or both!
China reverses Apple ID hashes using rainbow tables
I know what you're thinking. Does it even matter that hashed identifiers such as phone numbers are on other people's phones? Didn't I just talk about how hash functions are one-way and determining the input was difficult? Well, no, that depended on the input space being sufficiently large. In the United States, for example, phone numbers are an area code followed by seven digits. In computational terms, 10^7 is a small search space, and checking all possible phone numbers can be done in seconds. More broadly, the number of phone numbers is bounded, known, and relatively small.
Rainbow Tables are large databases of hash values and their associated inputs. These are useful because when you are given a hash value of, let's say, a phone number, you don't need to brute-force through all the phone numbers to determine which phone number it corresponds to. You can just look up the hash value in your rainbow table database and instantly know the underlying phone number. I bring up rainbow tables because Chinese state-sponsored researchers at the Beijing Wangshendongjian Judicial Appraisal Institute used them to discover the phone numbers, email addresses, and Apple IDs of AirDrop users. AirDrop was instrumental in spreading information privately during the 2019 Hong Kong protests, as well as others, so it is no surprise that China has dedicated resources to thwarting its citizens from using AirDrop by way of identifying them. Since every receiver iPhone in a sender iPhone's AirDrop vicinity will log the sender's identifier—which can be instantly translated to their phone number or email address using a rainbow table—you can imagine it's pretty easy for a government to set up rogue iPhones strategically to collect the phone numbers of its AirDrop-using citizens.
I don't like this, what can I do?
You can turn off AirDrop, but that's not very practical.
Suppose you're hyper-privacy-conscious and want to continue using AirDrop. In that case, you can remove your phone number from your AppleID since it's susceptible to brute-force and rainbow table attacks and instead use a difficult-to-guess email address. The search space of email addresses isn't bound in the same way as phone numbers, so they're less susceptible to rainbow table attacks. While there are only billions of phone numbers, there are infinitely many such email addresses.