Apple Knew AirDrop Users Could Be Identified and Tracked as Early as 2019 (cnn.com) 27
Security researchers warned Apple as early as 2019 about vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they recently used to track down users of the feature, the researchers told CNN, in a case that experts say has sweeping implications for global privacy. From a report: The Chinese government's actions targeting a tool that Apple customers around the world use to share photos and documents -- and Apple's apparent inaction to address the flaws -- revive longstanding concerns by US lawmakers and privacy advocates about Apple's relationship with China and about authoritarian regimes' ability to twist US tech products to their own ends.
AirDrop lets Apple users who are near each other share files using a proprietary mix of Bluetooth and other wireless connectivity without having to connect to the internet. The sharing feature has been used by pro-democracy activists in Hong Kong and the Chinese government has cracked down on the feature in response. A Chinese tech firm, Beijing-based Wangshendongjian Technology, was able to compromise AirDrop to identify users on the Beijing subway accused of sharing "inappropriate information," judicial authorities in Beijing said this week. Although Chinese officials portrayed the exploit as an effective law enforcement technique, internet freedom advocates are urging Apple to address the issue quickly and publicly.
AirDrop lets Apple users who are near each other share files using a proprietary mix of Bluetooth and other wireless connectivity without having to connect to the internet. The sharing feature has been used by pro-democracy activists in Hong Kong and the Chinese government has cracked down on the feature in response. A Chinese tech firm, Beijing-based Wangshendongjian Technology, was able to compromise AirDrop to identify users on the Beijing subway accused of sharing "inappropriate information," judicial authorities in Beijing said this week. Although Chinese officials portrayed the exploit as an effective law enforcement technique, internet freedom advocates are urging Apple to address the issue quickly and publicly.
It's the nature of the technology... (Score:2)
Of course they can be tracked!
Re: (Score:1)
It is the nature of the asshats that run the companies that make the tech.
Re: (Score:2)
It IS the nature of the technology. It's a tracking device, and someone is gonna find a way to listen in on it.
Apple's poor implementation is irrelevant.
Re: (Score:3)
It IS the nature of the technology. It's a tracking device, and someone is gonna find a way to listen in on it.
Apple's poor implementation is irrelevant.
Are you confusing AirDrop [wikipedia.org] with AirTag [wikipedia.org]?
Re: (Score:2)
Shoot, I am. Thanks.
Re: (Score:2)
Add to this Apple's habit of turning Bluetooth back on after every system update and yes the gadget is blabbing your existence to everyone in range.
Re: (Score:2, Insightful)
But remember, Apple cares about your privacy! /s
Re: (Score:3)
I mentioned China can spy on Apple Encryption years ago, of course Apple Fans modded me done to nothing :) So go ahead, start the down-mods.
I will say it here again. Money trumps (no pun intended) security 100% of the time. Again, I am sure all devices sold to regular people in China can be tracked and viewed by the Gov.
I always assumed it was not anonymous (Score:5, Interesting)
Re: (Score:3)
Considering that AirDrop has been abused to send sexually harassing photos and videos [mirror.co.uk] to strangers and to send bomb threats on planes [aerotime.aero], the fact that it is not anonymous is actually a good thing. The whole concept of sending unsolicited messages to other people's phones is highly problematic.
Re: (Score:2)
There are many other ways to send unsolicited messages to other peoples phones, that's pretty much the primary function of phones.
Re: (Score:2)
Exactly. I would assume that if I received an AirDrop that it would tell me who sent it because I don't want to receive spam or arbitrary things. I presume if someone used AirDrop to send me a file, it would tell me who it is so I can approve the transfer for reject it at the very least.
Getting things sent to you anonymously would be seen as a misfeature these days given spam everything.
Re: (Score:2)
Considering that AirDrop has been abused to send sexually harassing photos and videos [mirror.co.uk] to strangers and to send bomb threats on planes [aerotime.aero], the fact that it is not anonymous is actually a good thing. The whole concept of sending unsolicited messages to other people's phones is highly problematic.
The putative Recipient Must Always Agree to Accept the Connection.
They even Fixed the "Allow Everyone to Discover Me Forever" Issue; and then got bitched-at for THAT!!!
Re: (Score:2)
>>The putative Recipient Must Always Agree to Accept the Connection.
But the pop-up they get to accept the connection includes a preview of the message, so essentially they receive a summary of the message (including a thumbnail of the image) whether they accept or not, which is more than enough to be harassing/threatening.
Re: (Score:2)
>>The putative Recipient Must Always Agree to Accept the Connection.
But the pop-up they get to accept the connection includes a preview of the message, so essentially they receive a summary of the message (including a thumbnail of the image) whether they accept or not, which is more than enough to be harassing/threatening.
Maybe that's new for iOS 17 (I run iOS 16); but I don't recall any Summary/Thumbnail on any AirDrop Transfer I have done.
Re: (Score:2)
No idea why people ascribe magic properties to things they do not fully understand (or at all). Some kind of wishful thinking going on with far too many people.
Radios can be listened to, news at 11 (Score:5, Insightful)
They're being used because the tech is prevalent and simple to use, people are being hunted down because governments don't like dissenting voices.
There is literally nothing new about this, off course you can listen and track radios, even if they were just an oscillator sending static, with sufficiently precise hardware you can uniquely identify any piece of electronics, just like you can track printers with or without the intentionally added dots in the ink by minute variations in the product, so if they used pamphlets, information distribution for the cause would be slower and potentially even more risky and takedowns more impactful.
Obviously (Score:2)
And they knew even before when they designed it. Apple engineers are not totally incompetent, after all.
and the same engineers do not want to help the FBI (Score:3)
and the same engineers do not want to help the FBI but they will jump for anything that china wants!
Re: (Score:2)
+5 Insightful as FUCK.
Re: (Score:2)
Apple is a for-profit company. They exist to turn a dollar into a dollar+extra. That’s what they do. That’s why they exist. NOTHING MORE. People on both sides of the political spectrum don’t get that last part, and expect companies to do all sorts of stuff they simply gi
But It's Pretty. (Score:1)
Carry on then.
At what point is Apple considered... (Score:2)
https://www.apple.com/newsroom... [apple.com]
Well on their own websites they're still telling customers that their phones are safe and that they should store all the
Re: (Score:2)
The point is no device is secure, and the more widely used something is the more motivated various groups will be to find bugs in it.
Attacks have happened not just against apple devices, but also against android devices, against windows devices and various unix based servers, and nodoubt some of these have resulted in people being tortured or killed too.
Of course Apple will NOT fix the Airdrop problem (Score:2)
Duh! It's CHINA (Score:1)