Chinese judicial authorities claim to have cracked AirDrop to obtain details of iPhone users who sent messages in public this way, backed by security researchers who have been warning Apple for years. A government-backed research institute has announced that it can use iPhone logs to identify users who send and receive content via AirDrop. While the process wasn't detailed, security researchers believe AirDrop is unsafe, and Apple has been informed of the problem multiple times.
The claim that the sender's details can be found through the device logs is confirmed, although testers were only able to obtain the name of the sending iPhone and Bluetooth signal strength by accessing the console logs on the Mac that received the file via AirDrop. The name and signal strength are stored in the AirDrop subprocess that is part of the overall "sharingd" process.
The AirDrop subprocess appears to contain the email and phone number to which the iPhone was sent, but they are stored in hashes and testers were unable to translate them into plain text.
Assuming that this research institution in Beijing, China uses AirDrop to identify so-called "suspects", then there is another factor that means this Apple feature is unsafe. Not only that, but security researcher Alexander Heinrich also discovered a problem with FindMy.
While the Apple ID email and phone number are also stored as hashes, they are said to be easy to decipher. Heinrich's findings only hold true if AirDrop is actually used. The Chinese approach uncovered a log on the receiving iPhone, indicating it had to be confiscated before the iPhone could be searched.
Heinrich said he had not only reported the vulnerability. But Apple itself later questioned the researchers when developing iOS 16. While Apple has demonstrated a more secure version of AirDrop, it will not be compatible with older iOS versions and has not yet been implemented.
In addition, Apple just received an AirDrop patent. It will use light instead of Wi-Fi and Bluetooth, making it faster and more secure.