Samsung Unpacked Livestream Wednesday New Wordle Strategy Nest vs. Ecobee Thermostat Best Deals Under $25 Fitness Supplements Laptops for High School Samsung QLED vs. LG OLED TV Samsung Unpacked Predictions
Want CNET to notify you of price drops and the latest stories?
No, thank you

AirDrop could be hacked to reveal personal information, researchers say

A privacy gap could let a nearby hacker snag the phone numbers and email addresses of people using AirDrop, say researchers at a German university.

AirDrop is a fast, simple way to transfer files, photos, videos and more from one Apple device to another.
Charles Wagner/CNET

Apple's popular AirDrop feature for sharing files may be vulnerable to hacking attempts, according to security researchers at a German university. In a post published Friday, researchers at Technische Universitat Darmstadt said that a nearby stranger could discover the phone number and email of an AirDrop user because of a privacy gap in the feature. 

The issue, reported earlier by Gizmodo, apparently stems from the Contacts Only option in AirDrop, which uses a "mutual authentication mechanism" to check whether a user's phone number and email is in someone else's contacts list, according to the researchers. The information is encoded in hash during this process, but a bad actor in "physical proximity to a target" could pick up the information and quickly reverse the privacy measures using "simple techniques such as brute-force attacks," said the researchers. 

The university first informed Apple of the potential vulnerability in May 2019, the researchers said, but the issue hasn't been addressed in subsequent software updates. 

The team has put forward its own alternative, called Private Drop, that doesn't "rely on exchanging vulnerable hash values."

Apple didn't respond to a request for comment.