A Chinese entity, allegedly supported by the government, claims to have successfully circumvented the security measures of Apple’s AirDrop, potentially allowing authorities to identify individuals sharing content deemed inappropriate through this wireless feature. AirDrop, developed by Apple, facilitates easy file-sharing between nearby Macs and iPhones utilizing Wi-Fi and Bluetooth.
Despite Apple asserting the security of AirDrop through encryption, the Beijing Municipal Bureau of Justice asserts that it has discovered a method to bypass this security layer. According to reports, the bureau examined iPhone logs to ascertain the senders and content shared via AirDrop, referring to this approach as a “technological breakthrough.” They argue that this technique aids in swiftly and accurately solving cases, preventing the dissemination of inappropriate content. It remains unclear whether any government agency had exploited this security vulnerability prior to the bureau’s claims.
This is not the first instance of AirDrop facing issues; in April 2021, German researchers identified a problem and informed Apple about it in May 2019, but the issue went unaddressed.
The Beijing Municipal Bureau of Justice contends that their methodology enhances case-solving efficiency, maintains accuracy, and curtails the spread of inappropriate content. Apple implemented changes to AirDrop’s functionality in China in November 2022, restricting its default usage to contacts only. Users who wish to extend AirDrop access to everyone are limited to a 10-minute window. Later, with the global release of iOS 16.2, Apple expanded these alterations worldwide to reduce the transmission of unwanted content in crowded places such as malls and airports.
The revelation of AirDrop’s alleged breach in China raises concerns about the reliability of Apple’s assurances regarding the security of this wireless transfer method. This situation underscores the persistent challenges in maintaining the security of digital systems and the evolving strategies adopted by authorities to address potential threats in the online realm.
