iPhone Phone Numbers Can Be Exposed via AirDrop, Researchers Warn

By Ava McKinneyOnline Safety

Researchers Discover iPhone Phone Number Exposure via AirDrop

A team of researchers from hexway has found a way to determine an iPhone user’s phone number using AirDrop, Apple’s file-sharing technology that works over Wi-Fi and Bluetooth. According to hexway, their goal was to test Apple’s slogan, “What happens on your iPhone, stays on your iPhone.” The researchers have already published an exploit on GitHub.

How the Attack Works

The researchers were able to intercept data packets transmitted by devices with Bluetooth enabled. According to their findings, AirDrop sends encrypted packets containing the phone number so that the recipient can identify the sender in their contacts list.

The potential attack involves several steps:

  • The attacker creates a database of SHA256(phone_number):phone_number pairs for a specific region.
  • They run a special script, for example on a laptop, in a public place.
  • When someone tries to use AirDrop, the attacker can intercept the hash of the sender’s phone number and recover the actual number from it.

Hexway also notes that if the attacker contacts the user via iMessage, they can determine the owner’s name. The researchers were able to discover the name using TrueCaller, and sometimes it was visible in the device name as well.

Wi-Fi Password Sharing Risks

The researchers also described a problem that can occur when using the “Share Wi-Fi Password” feature on iPhones. When a user selects a network, the device sends Bluetooth LE requests to other iPhones, asking for the password. These BLE requests contain user data, specifically the SHA256 hash of the phone number, Apple ID, and email address. According to the experts, only the first 3 bytes of the hashes are sent, but that’s enough to identify the phone number.

Not a Vulnerability, but a Feature

Hexway states that this issue is not a vulnerability, but rather a consequence of features that support the Apple ecosystem. The described methods work on iOS 10.3.1 and above, including beta versions of iOS 13. The researchers also noted that older devices (all models before iPhone 6s) do not send BLE messages continuously, even if they have updated their OS. Only a limited number of messages are sent, likely because Apple wants to save battery life on older devices.

How to Protect Yourself

According to the researchers, the only way to prevent this issue is to turn off Bluetooth on your device.

Leave a Reply