Apple AirDrop cracked by China to expose sensitive data

Anurag Singh
Apple AirDrop used on an iPhone

Apple’s AirDrop feature has reportedly been cracked by China to reveal the phone number and email address of senders.

AirDrop is a tool in iOS that lets physically close iOS devices and share files wirelessly. It is end-to-end encrypted, meaning even Apple shouldn’t be able to decrypt the content of the materials you transfer.

However, China says it has cracked Apple’s AirDrop to at least access the phone number & email address of the sender.

The feature was actively used by activists to share information censored by the government. As reported by Bloomberg, a Chinese state-backed entity breached AirDrop as part of broader initiatives to eliminate objectionable content.

Apple AirDrop is end-to-end encrypted

Devices that support AirDrop use Bluetooth Low Energy (BLE) and Apple’s peer-to-peer Wi-Fi technology to send files and information to nearby devices.

They use Wi-Fi radio to communicate directly between devices without using any internet connection. This connection is encrypted with TLS.

Since AirDrop is a short-range protocol that doesn’t require an internet connection, the data shared through it can’t be regulated by governments.

Apple airdrop on iPhones

However, China seems to have found a way to access the sender’s phone number and email. According to Bloomberg:

“The Beijing institute developed the technique to crack an iPhone’s encrypted device log to identify the numbers and emails of senders who share AirDrop content, the city’s judicial bureau said in an online post.”

“Police have identified multiple suspects via that method, the agency said, without disclosing if anyone was arrested.”

Beijing is hailing the method to crack AirDrop as a “technological breakthrough”. As Bloomberg rightly points out, it could supplement measures intended to eradicate information China deems unhealthy.

It’s unclear if China can break the content encryption as well, but state authorities should be able to receive the content by accepting public AirDrop broadcasts and then trace it back to the sender.