Wangshendongjian Technology, a Chinese tech company, was able to track down people who had sent “inappropriate content” in the subway, using a vulnerability in Apple’s AirDrop feature.
This incident can dampen Apple’s sales in China — its fifth largest market.
Researchers from the Technical University of Darmstadt claim that Apple has been aware of this vulnerability since 2019, but it chose to do nothing about it.
The researchers had sent a report to Apple regarding this flaw, which was not acted upon. Apple even acknowledged the report in 2019 in an email to the researchers.
The researchers published a fix to the issue in 2021, which again fell on deaf ears.
How Is The Vulnerability Exploited
When devices connect over AirDrop, basic information such as the device name, phone number, and email addresses is exchanged between them. Under normal circumstances, this data is scrambled so that no third party can read it.
However, Apple did not carry out the “salting” process, which left this transfer vulnerable to external malicious parties. Salting is the process of mixing random data into sensitive information before it is scrambled, which makes it difficult for perpetrators to recover that information from sensitive transfers.
Experts have called it an “amateur mistake” from Apple.
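To make the role of the salt concrete, here is an added example (not code from Apple, the researchers, or the original article) that compares what a holder of a precomputed table learns from an unsalted and a salted digest of the same phone number. SHA-256, the function names, and the fictional number range are assumptions made for illustration.

```python
import hashlib
import os

# Assumption: SHA-256 stands in for the "scrambling" step; the article
# does not name the function that AirDrop uses.
def unsalted_digest(identifier: str) -> str:
    """Digest of the identifier alone: the same input always gives the same output."""
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()

def salted_digest(identifier: str, salt: bytes) -> str:
    """Digest of random salt + identifier: the output changes with every fresh salt."""
    return hashlib.sha256(salt + identifier.encode("utf-8")).hexdigest()

def build_table(candidates):
    """Precompute digest -> identifier once for a whole candidate space."""
    return {unsalted_digest(c): c for c in candidates}

# Constructed sample space: 10,000 fictional numbers, not real subscriber data.
CANDIDATES = [f"+1202555{n:04d}" for n in range(10_000)]
TABLE = build_table(CANDIDATES)

def audit(identifier: str):
    """Return what the table reveals for an unsalted and for a salted digest."""
    salt = os.urandom(16)  # fresh random salt for this exchange
    return (TABLE.get(unsalted_digest(identifier)),
            TABLE.get(salted_digest(identifier, salt)))

def same_input_links(identifier: str):
    """Unsalted digests repeat across exchanges; salted ones do not."""
    a, b = os.urandom(16), os.urandom(16)
    return (unsalted_digest(identifier) == unsalted_digest(identifier),
            salted_digest(identifier, a) == salted_digest(identifier, b))

if __name__ == "__main__":
    print(audit("+12025550147"))
    print(same_input_links("+12025550147"))
```

A salt only stops one precomputed table from working against every exchange; identifiers drawn from a small space, such as phone numbers, remain guessable to anyone who also learns the salt.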
Pressure Mounting on Apple
Apple’s unwillingness to fix the vulnerability despite having known about it for the last four years has drawn huge flak.
Sen. Ron Wyden called it a “blatant failure” on Apple’s part. He lashed out at Apple, which has put several human rights activists, who trust Apple to share sensitive information, at risk.
Sen. Marco Rubio has termed this vulnerability just another way for the Chinese to target opponents who use Apple devices.
“Anyone using an iPhone should be concerned with the security of Apple’s AirDrop function.” - Sen. Marco Rubio
The Chinese firm that exploited the loophole is a subsidiary of Qi An Xin — a Chinese cybersecurity giant, which was responsible for warding off cyberattacks on the Beijing Winter Olympics 2022. The firm is also said to have close ties with several Chinese government authorities.
This further fuels US lawmakers’ concerns about Apple’s relationship with China. As of this publication, Apple has not commented on the issue.
However, the pressure is mounting on Apple. As Benjamin Ismail, an internet censorship expert, opines, Apple should either deny any such vulnerability or work to fix it immediately.
However, given the evidence put forward, Apple is in a tight spot, and denying is certainly not an option. It remains to be seen how the tech giant weathers this storm.
Copyright for syndicated content belongs to the linked Source : TechReport – https://techreport.com/news/chinese-firm-exploits-apple-airdrop-vulnerability-which-apple-was-aware-of-since-2019/