Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Privacy Apple

Apple Knew AirDrop Users Could Be Identified and Tracked as Early as 2019 (cnn.com) 27

Security researchers warned Apple as early as 2019 about vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they recently used to track down users of the feature, the researchers told CNN, in a case that experts say has sweeping implications for global privacy. From a report: The Chinese government's actions targeting a tool that Apple customers around the world use to share photos and documents -- and Apple's apparent inaction to address the flaws -- revive longstanding concerns by US lawmakers and privacy advocates about Apple's relationship with China and about authoritarian regimes' ability to twist US tech products to their own ends.

AirDrop lets Apple users who are near each other share files using a proprietary mix of Bluetooth and other wireless connectivity without having to connect to the internet. The sharing feature has been used by pro-democracy activists in Hong Kong and the Chinese government has cracked down on the feature in response. A Chinese tech firm, Beijing-based Wangshendongjian Technology, was able to compromise AirDrop to identify users on the Beijing subway accused of sharing "inappropriate information," judicial authorities in Beijing said this week. Although Chinese officials portrayed the exploit as an effective law enforcement technique, internet freedom advocates are urging Apple to address the issue quickly and publicly.

This discussion has been archived. No new comments can be posted.

Apple Knew AirDrop Users Could Be Identified and Tracked as Early as 2019

Comments Filter:
  • Of course they can be tracked!

    • It is not the nature of technology.
      It is the nature of the asshats that run the companies that make the tech.
      • It IS the nature of the technology. It's a tracking device, and someone is gonna find a way to listen in on it.

        Apple's poor implementation is irrelevant.

    • Add to this Apple's habit of turning Bluetooth back on after every system update and yes the gadget is blabbing your existence to everyone in range.

    • by jmccue ( 834797 )

      I mentioned China can spy on Apple Encryption years ago, of course Apple Fans modded me done to nothing :) So go ahead, start the down-mods.

      I will say it here again. Money trumps (no pun intended) security 100% of the time. Again, I am sure all devices sold to regular people in China can be tracked and viewed by the Gov.

  • by FuzzMaster ( 596994 ) on Friday January 12, 2024 @11:27AM (#64153045)
    If it can be restricted to people in your contacts list, it's seems pretty clear that it has some identifying features, even if they aren't well documented. I don't remember Apple ever claiming that it was intended as an anonymous method of transfer.
    • Considering that AirDrop has been abused to send sexually harassing photos and videos [mirror.co.uk] to strangers and to send bomb threats on planes [aerotime.aero], the fact that it is not anonymous is actually a good thing. The whole concept of sending unsolicited messages to other people's phones is highly problematic.

      • by Bert64 ( 520050 )

        There are many other ways to send unsolicited messages to other peoples phones, that's pretty much the primary function of phones.

      • by tlhIngan ( 30335 )

        Exactly. I would assume that if I received an AirDrop that it would tell me who sent it because I don't want to receive spam or arbitrary things. I presume if someone used AirDrop to send me a file, it would tell me who it is so I can approve the transfer for reject it at the very least.

        Getting things sent to you anonymously would be seen as a misfeature these days given spam everything.

      • Considering that AirDrop has been abused to send sexually harassing photos and videos [mirror.co.uk] to strangers and to send bomb threats on planes [aerotime.aero], the fact that it is not anonymous is actually a good thing. The whole concept of sending unsolicited messages to other people's phones is highly problematic.

        The putative Recipient Must Always Agree to Accept the Connection.

        They even Fixed the "Allow Everyone to Discover Me Forever" Issue; and then got bitched-at for THAT!!!

        • >>The putative Recipient Must Always Agree to Accept the Connection.

          But the pop-up they get to accept the connection includes a preview of the message, so essentially they receive a summary of the message (including a thumbnail of the image) whether they accept or not, which is more than enough to be harassing/threatening.

          • >>The putative Recipient Must Always Agree to Accept the Connection.

            But the pop-up they get to accept the connection includes a preview of the message, so essentially they receive a summary of the message (including a thumbnail of the image) whether they accept or not, which is more than enough to be harassing/threatening.

            Maybe that's new for iOS 17 (I run iOS 16); but I don't recall any Summary/Thumbnail on any AirDrop Transfer I have done.

    • by gweihir ( 88907 )

      No idea why people ascribe magic properties to things they do not fully understand (or at all). Some kind of wishful thinking going on with far too many people.

  • by guruevi ( 827432 ) on Friday January 12, 2024 @11:31AM (#64153063)

    They're being used because the tech is prevalent and simple to use, people are being hunted down because governments don't like dissenting voices.

    There is literally nothing new about this, off course you can listen and track radios, even if they were just an oscillator sending static, with sufficiently precise hardware you can uniquely identify any piece of electronics, just like you can track printers with or without the intentionally added dots in the ink by minute variations in the product, so if they used pamphlets, information distribution for the cause would be slower and potentially even more risky and takedowns more impactful.

  • And they knew even before when they designed it. Apple engineers are not totally incompetent, after all.

    • and the same engineers do not want to help the FBI but they will jump for anything that china wants!

      • +5 Insightful as FUCK.

      • Unfortunately, the hard-real-world-reality is the FBI isn’t gonna kick Apple out of the US while the Chinese government is practically BEGGING Apple to give them a reason to crack down. Apple responds accordingly.

        Apple is a for-profit company. They exist to turn a dollar into a dollar+extra. That’s what they do. That’s why they exist. NOTHING MORE. People on both sides of the political spectrum don’t get that last part, and expect companies to do all sorts of stuff they simply gi
  • Carry on then.

  • At what point is Apple considered criminally negligent? In 2021 Apple sued the NSO for targeting their users with no-click hacks. These kinds of attacks lead to everything from extortion and identity to death threats and murder (Jamal Khashoggi). So two years ago, Apple went on the record in a legal setting saying that their phones were compromised.
    https://www.apple.com/newsroom... [apple.com]

    Well on their own websites they're still telling customers that their phones are safe and that they should store all the
    • by Bert64 ( 520050 )

      The point is no device is secure, and the more widely used something is the more motivated various groups will be to find bugs in it.
      Attacks have happened not just against apple devices, but also against android devices, against windows devices and various unix based servers, and nodoubt some of these have resulted in people being tortured or killed too.

  • Yes, apple knew about it in 2019, but they caved to pressure from the CCP even then knowing eventually they'd decrypt it so no change were even contemplated.
  • Apple (for now) depends on China to produce many apple products. The CCP probably demanded a "back door" or other open area so they could pull data.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...