Apple's Wi-Fi Password Sharing Feature Is Said to Leak Your Number

There are many ways to share information between devices. When devices come from the same vendor, the sharing options become more convenient. If you are an Apple device user, you probably have shared files through AirDrop by now. Or maybe you have used the Wi-Fi password sharing service many times. However, it seems like every decent thing out there is supposed to have some limitations. Likewise, there are reports that Apple Wi-Fi password sharing and sending files via AirDrop might leak your phone number. Therefore, in this article, we will look at both AirDrop and the password sharing service, and we will check out the potential security issues that these sharing methods have.

What is AirDrop?

As mentioned, if you are an Apple user, you definitely know AirDrop by now, and you must have used it multiple times to share files and information with your colleagues or peers. This service is present in iOS and macOS operating systems, and the service allows you to easily transfer files between iOS devices over Bluetooth or Wi-Fi. You basically send data from device to device without using email or a mass storage service as an intermediary. Since there is no file size restriction, it is a rather convenient way of sharing for Apple device users.

What is Apple Wi-Fi Password Sharing?

Apple’s Wi-Fi Password sharing service allows you to share your network’s password with “friends and family” (or so the official website says). Needless to say, this feature also works between Apple devices. It is possible to share the password either through Wi-Fi or Bluetooth, and you need your Apple ID to be added to the other person’s contacts. Then the password sharing process becomes simple. You just need to select the Wi-Fi network on the device you want to connect. On your device, you need to tap the Share Password button when the prompt appears. And it’s done.

What are the security issues of file and password sharing?

The point is that if there is a feature, it usually can be hacked. For example, if you keep the Bluetooth turned on all the time, you should know that this feature can be hacked to extract your device details. With AirDrop and Apple Wi-Fi password sharing, it goes even further.

A recent blog post by hexway suggests that both services literally broadcast your phone number. Of course, that number is not broadcast in the clear; the information “comes out” of your device in the form of a cryptographic hash. However, with the right knowledge, this cryptographic hash can be converted back into a phone number.
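Why a hash does not hide a phone number, shown as an added example (not code from this article or from hexway): phone numbers come from a small, structured space, so every candidate can be hashed and compared against the observed value. The truncated SHA-256 tag, the function names and the fictional 555-01xx number are assumptions constructed for illustration.

```python
import hashlib
import math

def broadcast_tag(phone, nbytes=3):
    """Assumed scheme: the first `nbytes` of SHA-256 over the number's digits."""
    return hashlib.sha256(phone.encode("ascii")).digest()[:nbytes]

def candidate_numbers(known_prefix, unknown_digits):
    """Every number that starts with known_prefix plus `unknown_digits` more digits."""
    for n in range(10 ** unknown_digits):
        yield f"{known_prefix}{n:0{unknown_digits}d}"

def matching_numbers(tag, known_prefix, unknown_digits):
    """All candidates whose tag equals the observed one (short tags can collide)."""
    return [p for p in candidate_numbers(known_prefix, unknown_digits)
            if broadcast_tag(p, len(tag)) == tag]

def entropy_bits(unknown_digits):
    """Upper bound on the secrecy of a number with this many unknown digits."""
    return unknown_digits * math.log2(10)

if __name__ == "__main__":
    number = "12025550142"            # constructed, fictional 555-01xx number
    tag = broadcast_tag(number)       # what a nearby listener would see
    print("observed tag:", tag.hex())
    # Country and area code are often guessable from context, leaving few digits.
    print("matches:", matching_numbers(tag, "1202555", 4))
    # Even a fully unknown 10-digit number is only about 33 bits of input,
    # far less than the 256-bit output space the hash function offers.
    print("bits for 10 unknown digits: %.1f" % entropy_bits(10))
```

The design lesson is that a plain hash of a low-entropy identifier should be treated as equivalent to the identifier itself when assessing what a broadcast reveals.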

Now, the chances of someone intercepting this information to uncover your phone number are rather low. However, the point is that the vulnerability is there, and it would be better not to use the password sharing or AirDrop features just anytime and anywhere. It might not be much of a deal if these details are broadcast in a place like home or work, where most people probably have your contact details anyway. However, what if this happens in a public space? How would you feel knowing that such information is literally “out in the air” at a bar or a shopping mall?

Is password sharing dangerous?

With these potential security issues at hand, the next question that we have to answer is whether the Apple Wi-Fi password sharing and AirDrop services are too dangerous to use. Well, they are not. It might be a potential security glitch, but it doesn’t pose a very big risk, especially if we talk about mass-tracking or surveillance. There are only very few situations in which the ability to snatch your phone’s number through password sharing could be employed by malevolent third parties.

However, since the issue is there, it COULD be exploited in several ways. For the most part, the vulnerability could be exploited for targeted attacks that employ social engineering. Targets would also be specific rather than general. For instance, someone might collect information about users who attend a specific event. So there could be ways to exploit this vulnerability, although researchers suggest that Apple might not do much to prevent this information from being broadcast through their services. After all, they have to share some kind of information for the devices to connect.

How to protect your personal information

If you do not feel comfortable about these new findings, you can easily turn off the AirDrop service and refrain from sharing passwords in public spaces. It doesn’t take much to employ such simple security measures. What’s more, on a broader level, it would also be a good idea to go through your security and password settings, to make sure that you have done everything to protect your data from potential hacks.

The most basic step towards your cybersecurity is your password safety. For instance, even if you do use the password sharing service, you should still make sure that the password itself is strong and unique. Aside from that, the password shouldn’t be recycled (you shouldn’t use the same password across different accounts). Of course, that presents quite a few difficulties for users because coming up with new and strong passwords all the time is rather burdensome.

To make this task easier, you can consider using Cyclonis Password Manager. This free tool is compatible with Windows, Mac, and Android devices. Not only does it generate strong passwords, but it can also help you renew your passwords regularly and store other important information in the Private Notes section.

Needless to say, passwords are not enough to protect your data as they can be breached no matter how strong they are. If it is possible to enable two-factor or multi-factor authentication on your accounts, make sure you do so because that will definitely strengthen the account security.

Finally, with connectivity services such as Apple Wi-Fi password sharing, AirDrop, Bluetooth, and others, it is always a good idea to turn them off when you do not use them, instead of broadcasting the device’s data all the time. Make it harder for targeted attacks to reach you.

September 17, 2019
