With Apple’s proprietary Airdrop app, you can easily send songs, photos, and other documents from one iPhone to another – without a memory card and cable. That sounds good at first. But is it true that Airdrop can be used for spying? And if true, we guess you may be interested in knowing how to spy using Airdrop.
A loophole was recently discovered in Apple’s Airdrop, which hackers can use to read your phone number. With this, hackers can access emails and messages, download photos, and even spy through microphones and cameras. All this without the need to touch the phone, although with the requirement of being nearby.
The vulnerability has already been found, reported to Apple, and fixed in newer versions of Apple devices that came out from 2020 till the present year. But it’s still much possible on older devices. Also, we’re curious how a single engineer is enough to put a recent version of iOS in check. This article will see what this is all about and how spying or hacking is or was possible with Airdrop.
What is Airdrop?
Airdrop for Mac OS and iOS enables the wireless exchange of data between Apple devices. If there is a partner nearby, all you have to do is click or tap on the Airdrop symbol, and data transfer can begin.
The data transfer takes place via the WLAN or Bluetooth modules of the devices. The devices must not be more than ten meters apart for the connection to work. Airdrop is not a replacement for a traditional network connection but an addition. The data traffic runs via the router if both devices are on the same WLAN.
Can Airdrop be used to spy?
While this is possible, it depends on the version of the iOS version you’re on. A Google security researcher exploited flaws in Apple’s protocol, particularly for Airdrop. The result: access to files on iPhones and other iOS devices and hacking possibilities worthy of the best works of fiction.
The reveal comes from Ian Beer, a security researcher working with the Google Project Zero initiative, and it has something to shudder at.
Several flaws identified in the AWDL (Apple Wireless Direct Link) protocol, used to create a network intended for certain functionalities such as Airdrop (file sharing between Apple devices) or Sidecar (screen sharing between a Mac and an iPad), could be exploited to take control of an iPhone remotely. As Ian Beer demonstrates in two videos (available below), file theft was possible.
The security researcher indicates that it was also possible to read emails and messages and even spy on the user by taking control of the microphones and cameras of the iPhone. It’s a scenario that is relatively rare but which is reminiscent of certain works of fiction such as the Mr. Robot series or the Watch Dogs video games.
The researcher was also able to find a way to force the activation of the AWDL protocol when the latter had previously been manually cut.
However, Apple acknowledged the presence of these flaws and fixed them in older versions of iOS, which means earlier versions remain vulnerable. The group nevertheless indicates that, at present, most iPhone users have already switched to the latest versions of iOS, which are no longer exposed to these vulnerabilities.
Finally, Apple indicates that the attacks demonstrated by Ian Beer required being within the Wi-Fi range of the targeted iPhones. This still somewhat reduces the field of possibilities for a hacker.
How Airdrop is used for spying or as a stalking aid
While this is almost impossible with today’s iPhones, maybe iPhone X users and those with earlier devices can be worried.
In 2018, a Texan woman was spied on and followed by Airdrop during a car ride. Police investigated.
While driving down the highway, Texan Becca Blackman Wilcox noticed that a man was following her. He had sat behind and beside her for some time on their drive to Copperas Cove and watched her openly, as reported at the time.
She soon called the police, but after twenty minutes, she became scared to death. After a long chase, she suddenly received a call from the pursuer to pull over. It wasn’t until she pulled up to the nearest police station that the younger man stopped chasing the 45-year-old mother of nine.
Police soon suspected her iPhone might be compromised. Otherwise, how did the pursuers get her name and phone number? A call from Jason’s phone number only resulted in a company in Jamaica, typical of scammers.
According to their cell phone operator, AT&T, the tracker may have accessed Airdrop, the iOS’s Bluetooth-based file-sharing feature.
How the hacking is done
The iPhone had Airdrop enabled and set to the “For Everyone” setting. What many do not know: If this setting is active, this is communicated to all iOS devices in the area.
Anyone within 50 feet can see that “Becca’s iPhone” is active. IT experts said the pursuer could have had access to Becca’s contact details earlier when asked by the media. The name and photo of her on his iPhone would then be within Bluetooth range popped up. However, access to the phone number is not possible via Airdrop.
If you use the latest iPhones released within the last three years, we don’t think it’s possible to be spied on or stalked with Airdrop. But iPhone 11, X, and earlier users may have to be security conscious.
It is always recommended to select the “Only for contacts” or “Receive” setting for Airdrop under “Settings > General > Airdrop.” After all, it is also possible to send photos via Airdrop without any problems, which some harassers have already successfully exploited. A few years ago, it was reported that women were occasionally Airdropped with so-called “private pics” on the subway.