Apple AirDrop security and best practices

A recent Apple event showcased the new AirDrop file sharing service, but a notable security flaw is drawing concern.  With only a good Wi-Fi connection and two nearby Apple devices, AirDrop’s functionality can be exploited to allow access to the personal information of potentially 1.5 billion users.  Email addresses and phone numbers at minimum are at risk because of the discovery process, which allows unintended devices to eavesdrop and access the user’s data.  The hashing protection of the data itself is apparently insufficient and can be quickly circumvented through brute-force methods.  The German researchers at the Technical University of Darmstadt who discovered the flaw say they alerted Apple to the issue almost two years ago, but the company hasn’t addressed it since.  As a result, they recommend simply turning off AirDrop in settings and not opening the device’s sharing menu.

While the fix is relatively easy, that it’s a problem at all underscores how much farther we have to go.  On all sides, people can undervalue their system security.  The former issue will pose an extra risk to those who continue to use their work devices for personal use.  People still store sensitive personal data on their work machines, and vice versa.  Not the least of reasons to avoid doing this is that one in five companies, according to research from Skillcast and YouGov, use tech that monitors employee activity online, or plan to in the future.  Other research from Morphisec reports over 50% of employees using their personal computer for work purposes, as well.  Only 30% affirm never using work devices in such ways, says Kaspersky.

Blending the professional and personal in this way is a primary recipe for security disaster.  Employers and coworkers eavesdropping would be the least of one’s concerns if they choose to take this route: it also gives hackers even more inroads to an organization, thus making their jobs even easier.  The headaches that result from this are by now well publicized.  As long as people continue to fall back into bad habits, and not utilize better practices, there is only so much an organization can do to repel cyber intruders.  Once they’re inside, hopefully the last line of defense protecting sensitive data is strong enough to render it useless and of no value on the dark web.


By: Jonathan Weicher, post on April 29, 2021
Originally published at: https://www.netlibsecurity.com
Copyright: NetLib Security