Chinese institute said it was able to decipher sender email addresses and phone numbers by breaking into Apple’s AirDrop

The Chinese government has said that it can now identify users of Apple devices that share material and messages using AirDrop, the company’s wireless sharing mechanism. An iPhone’s device log can be cracked open by a Chinese organization, exposing the phone numbers and email addresses of those who share media over AirDrop. Activists and dissidents have historically used AirDrop to communicate with other users in an anonymous and difficult-to-monitor way.

An institution in Beijing discovered that Apple keeps the phone numbers and email addresses of customers who have transferred material via AirDrop on an iPhone’s encrypted log files, according to a post uploaded on a Chinese government website (via Bloomberg). According to the report, the Chinese institution was able to get and examine records from phones that police enforcement had given it.

The Chinese government claims that Apple keeps information on an AirDrop sender’s device name, email address, and phone number in the form of hash values. The encrypted material was accessed by the institution using a comprehensive rainbow table, which is a database of reversed hashes. This table would then expose the sender’s identify via their phone number and email address.

Additionally, according to the Chinese government, law enforcement has identified “multiple suspects” in one instance. The institution was able to do this by examining the devices of the sender and the recipient. It’s unclear at this time whether Apple intends to release a patch to address the vulnerability that the agency found.

In 2022, Bloomberg revealed that Apple has restricted the AirDrop wireless sharing feature’s functionality in China as part of the iOS 16.1.1 upgrade. Before, users could receive files from any user, their contacts, or no one at all, according to the US company. However, the first choice was restricted from an always-on mode to a 10-minute timeframe. Later, this restriction was extended to all iPhone models worldwide.

According to the Chinese government’s list of detection techniques, verifying the identities of users may need the usage of both the sender’s and the recipient’s cellphones. With AirDrop, two Apple devices may wirelessly transmit data between them without having an Internet connection or being connected to the same Wi-Fi network. Therefore, by breaking into AirDrop, the government would be able to keep an eye on transfers that are difficult to trace since they operate without Internet connectivity.