Chinese statesponsored researchers claim to have found a way to extract sensitive information from people using Apple’s AirDrop feature.
A Bloomberg report covered how China’s Beijing Wangshendongjian Judicial Appraisal Institute reportedly found a way to read phone numbers, email addresses, and device names of AirDrop users, via device logs.
The researchers began their work investigation after someone allegedly used AirDrop to share “inappropriate” comments in the Beijing subway, but concerns around privacy have already been raised.
Rainbow tables
“After preliminary investigation, the police found that the suspect used the AirDrop function of the iPhone to anonymously spread the inappropriate information in public places,” the publication cites an announcement by the Chinese government. “Due to the anonymity and difficulty of tracking AirDrop, some netizens have begun to imitate this behavior. Therefore, it is necessary to find the sending source and determine its identity as soon as possible to avoid negative impacts.”
The researchers claim to have used rainbow tables to dehash iOS logs and read the information stored there. The data was later shared with the authorities, who apparently used it to “identify multiple suspects involved in the case.”
Due to the Chinese government’s strict grip on the internet and digital communication, many citizens turned to AirDrop to share content privately and away from the eyes of the government. BleepingComputer says the AirDrop feature was used during the 2019 protests in Hong Kong, and later in 2022, as well.
AirDrop is an iOS feature that allows users to share images and photos via Bluetooth and private WiFi networks, and without the need for a cellular connection.
Via BleepingComputer