Apple products might cost a small fortune, but one neat thing about its ecosystem is it’s easy to seamlessly share files between devices. Except according to a newly published report, there might be a creepy downside to all that convenience. If you’ve got Bluetooth enabled and use AirDrop or share your Wi-Fi passwords, anyone with a bit of know-how can nab your actual phone number.
While Apple famously says “What happens on your iPhone, stays on your iPhone”, sharing features inevitably require devices to… well share information. That said, AirDrop and Wi-Fi password sharing broadcasts a partial SHA256 hash to all devices in your vicinity every time you hit share. That means, the next time you try to AirDrop a cursed photo of say, live-action Sonic the Hedgehog, to your fellow bleary-eyed commuters on the train, you could also be broadcasting your actual phone number to anyone smart enough to scoop it up.
Meanwhile, password sharing includes partial hashes of not only your phone number but also your AppleID and email. You can see it in action in the video below.
Hexway, the cybersecurity researchers that wrote the initial report, also included the scripts in its white paper. Ars Technica, which initially spotted Hexway’s report, noted a researcher used Hexway’s scripts to then scoop up details of over a dozen iPhones and Apple Watches in a bar in just a minute or two. That result isn’t entirely surprising, but it’s not exactly comforting either.
Gizmodo reached out to Apple for comment about whether it was aware of the issue and if it had plans to address it, and we’ll update if we hear back.
The annoying thing is there’s not really a way around this, other than to disable Bluetooth on your phone when you’re out in public. Even so, it’s hard to ding Apple too much on this. Apple using partial hashes is an indication it’s at least trying to protect customer privacy. It’s just that features like AirDrop inherently require you to share personal data.
That said, if this bugs you out, it’s easily avoidable — just turn off AirDrop and don’t share wifi passwords when in environments you don’t trust. It may be irksome, but it’s also a handy reminder that convenience often comes at the cost of privacy.
Trending Stories Right Now
Microsoft Hires Aussie Literally Named Mac Book To Dunk On Apple In This Ad
From 2006 to 2009 Apple ran its iconic ‘Get A Mac’ advertising campaigning.
Starring a young Justin Long as ‘Mac’ and Not Justin Long as ‘PC’ it took aim at PC devices for being boring.
Ten years later Microsoft is getting its revenge. The company is using a real life dude named Mac Book… and he’s Australian.
We Tested Intel’s Ice Lake i7 CPU, And It Packs A Pleasant Surprise
Intel’s Ice Lake processors aren’t on the market just yet, but after five years of teasing and delays, Intel put the upcoming 10nm CPUs in the hands of journalists last week. The company claims this generation of processors will help redefine “what’s possible in a thin and light laptop” — specifically, we’re supposed to see significant improvements in battery life, thermal performance, and speed. We couldn’t test out those first two claims, but we got the opportunity to test the latter one, and while the speed bumps we recorded for processor-intensive tasks weren’t by any means shocking, the GPU improvements seem pretty extraordinary.
