A Chinese state-backed institution has reportedly cracked a way to identify the phone number, email address, and device name of senders who share content via Apple’s AirDrop feature.
This move is part of broader efforts of Beijing’s government to root out “undesirable content”.
For those unaware, AirDrop is an end-to-end encrypted tool that allows users to wirelessly send photos, videos, documents, and more to other nearby iOS devices and Mac computers, which means even Apple cannot decrypt the content of the materials you transfer.
During transfers, the feature only shares the name of the device (which can be set to anything) and does not disclose the phone number and email address associated with the phone.
According to a new Bloomberg report, China’s state-backed Beijing Wangshendongjian Forensic Appraisal Institute developed a method to crack an iPhone’s encrypted device log to identify the numbers and e-mails of senders who share AirDrop content.
“The case of improper information disseminated through “airdrop” on mobile phones broke through the technical difficulties of anonymous traceability through AirDrop, improved the efficiency and accuracy of case detection, and prevented the further spread of inappropriate remarks and potential bad influence,” the Beijing Municipal Bureau of Justice said in an online post.
The research institute conducted an in-depth analysis of iPhone device logs and found that the sender’s device name, email address, and mobile phone number were recorded in the form of hash values, and some fields related to the hash value were hidden.
Using a detailed “rainbow table” of mobile phone numbers and email accounts, the researchers were able to dehash these fields to gain access to the sender’s information.
“After a preliminary investigation, the police found that the suspect used the AirDrop function of the iPhone to anonymously spread inappropriate information in public places. Due to the anonymity and difficulty of tracking AirDrop, some netizens have begun to imitate this behavior. Therefore, it is necessary to find the sending source and determine its identity as soon as possible to avoid negative impacts,” the agency added.
Further, the city judicial bureau said police have identified multiple suspects using this new method without disclosing if anyone was arrested or what charge there could be.
Notably, AirDrop is a popular tool among pro-democracy activists in China who use it to distribute protest posters, slogans, and other information censored by the government.
However, with the release of iOS 16.1.1 in 2022, Apple limited the “Everyone” setting for the AirDrop feature from non-contacts to only 10 minutes, which was previously set for an indefinite period of time.