It is a well-known fact that Apple has an ecosystem that makes it easy for people to share Wi-Fi passwords, and use AirDrop to send files to the nearby Apple devices. However, the same features pose a threat to your privacy and security. According to a report published recently, cybercriminals can capitalise on the loopholes of these features to collect potentially sensitive data, including the phone numbers.
According to the report, if you leave the bluetooth on your device turned on, it broadcasts a host of device details, including the device’s name, whether it's in use, whether the Wi-Fi is turned on, the OS version it’s running, and information about the battery. What’s further concerning is the revelation that when iPhone owners use AirDrop or Wi-Fi password sharing features, their devices broadcast a partial cryptographic hash that can easily be converted into an iPhone’s complete phone number.
The information disclosed in areas like work and offices may not be as alarming as it may get when it is shared in public places. Such areas may have cybercriminals with some kind of hardware with which they can collect the details of all Apple devices that have bluetooth turned-on. The details could later be used to track customers.
How does this work?If, for example, you are using AirDrop to share a file or image, the device that you are working on will broadcast a partial SHA256 hash of their phone number, the user’s email address, and the user’s Apple ID. While only the first three bytes of the hash are broadcast, researchers from security firm Hexway claim that these bytes provide enough information to the criminals to recover the full phone number.
from Latest Technology News https://ift.tt/2OBTUbA
No comments:
Post a Comment