AirDrop’s encrypted security features that allow users to transfer files without revealing the sender’s contact details have become increasingly popular in China, but one state-backed Chinese firm claims it can identify users.
This has been developed as part of the Chinese government in an effort to crackdown on activists and other citizens using AirDrop to send information without government tracking. AirDrop was heavily used during the 2019 protests in Hong Kong to share information and pro-democracy slogans without police intervention.
The firm told Bloomberg, “It improves the efficiency and accuracy of case-solving and prevents the spread of inappropriate remarks as well as potential bad influences”
A security flaw?
This workaround is possible by using log data for AirDrop from the recipient and sender’s iPhones. AirDrop sends this information in hash values, making it almost impossible to decrypt. Macworld has done further research into the claim, detailing that “the security company has found a method to convert these hash values into readable text.”
Macworld added, “We can confirm parts of this claim. We launched the console on our Mac and AirDropped a file to it from an iPhone, discovering from the console log data that the “sharing” process is responsible for AirDrop. This contains a dedicated sub-process called “AirDrop,” but several other sub-processes were also active during the file transfer. We found the name of our iPhone in one of the sub-processes, along with the strength of the Bluetooth signal.”
“The “AirDrop” sub-process actually stores the hash values for the email and phone number belonging to the contacted iPhone, but we were unable to access the plain text.”
If you’d like to see exactly how this process works, head to Macworld’s article which has screenshots to show that these claims from China are seemingly accurate.
Apple has yet to comment on the existence of the flaw but it will be interesting to see if Apple opts to shut this workaround down in favor of angering the Chinese government.
