Wangshendongjian Technology, a Chinese tech company, was able to track down people who had sent “inappropriate content” in the subway, using a vulnerability in Apple’s AirDrop feature.
This incident can dampen Apple’s sales in China — its fifth largest market.
Researchers from the Technical University of Darmstadt claim that Apple has been aware of this vulnerability since 2019, but it chose to do nothing about it.
The researchers had sent a report to Apple regarding this flaw, which was not acted upon. Apple even acknowledged the report in 2019 in an email to the researchers.
The researchers published a fix to the issue in 2021, which again fell on deaf ears.
How Is The Vulnerability Exploited
When devices connect on AirDrop, basic information like device name, phone number, and email addresses are exchanged between the devices. In usual circumstances, this data is scrambled so that no third party can access this sensitive information.
However, Apple did not carry out the “salting” process, which made this transfer vulnerable to external malicious parties. Salting is the process of mixing sensitive information with bogus data