AirDrop Privacy Leaks and Abuse Cases
How AirDrop Discovery Works
AirDrop uses a two-phase discovery process. First, it uses Bluetooth Low Energy (BLE) to find nearby Apple devices. The sending device broadcasts BLE advertisement packets, and nearby devices respond if they have AirDrop enabled. This BLE phase identifies potential recipients within radio range.
Once BLE discovery identifies nearby devices, AirDrop establishes a direct WiFi connection using Apple Wireless Direct Link (AWDL), a proprietary peer-to-peer WiFi protocol. The actual file transfer occurs over this WiFi connection, which provides the bandwidth needed for large files.
Between the BLE discovery and the WiFi transfer, there is a contact matching step. When AirDrop is set to "Contacts Only," the devices need to determine whether the sender is in the recipient's contact list - without revealing the full contact list to either party. This is where the privacy vulnerability lies.
```mermaid
graph TD
    subgraph "AirDrop Discovery Protocol"
        A[Sender Enables AirDrop] --> B[BLE Advertisement Broadcast]
        B --> C[Nearby Device Responds via BLE]
        C --> D[Contact Matching Phase]
        D --> E[Exchange Partial SHA-256 Hashes]
        E --> F{Contact Match?}
        F -->|Yes| G[Show Sender Name and Photo]
        F -->|No - Everyone Mode| G
        F -->|No - Contacts Only| H[Reject Connection]
        G --> I[AWDL WiFi Connection]
        I --> J[File Transfer]
    end
```
AirDrop discovery process - the contact matching phase leaks partial hashes of phone numbers and emails
The Hash Leak Vulnerability
During the contact matching phase, both devices exchange truncated SHA-256 hashes of their phone numbers and email addresses. The idea is that each device can check these hashes against its local contact list: if any hash matches a contact's phone number or email, the sender is recognized as a known contact.
Researchers at the Technical University of Darmstadt published findings in 2019 and 2021 showing that these hashes could be reversed. The fundamental problem is that phone numbers have low entropy. A phone number typically contains 10-12 digits. The total number of possible phone numbers in a given country is finite and relatively small - on the order of billions, not trillions.
A brute-force attack against SHA-256 hashes of phone numbers is computationally trivial. An attacker can pre-compute SHA-256 hashes for every possible phone number in a country (or globally) and store them in a lookup table. When they capture a hash from an AirDrop exchange, they simply look it up in the table to find the corresponding phone number.
Reversing the Hashes
The Darmstadt researchers demonstrated that they could reverse AirDrop hashes to recover phone numbers in milliseconds using pre-computed rainbow tables. The attack works because hashing alone does not provide privacy when the input space is small enough to enumerate.
```mermaid
graph TD
    subgraph "Hash Reversal Attack"
        A[Capture AirDrop BLE Packets] --> B[Extract Partial SHA-256 Hashes]
        B --> C[Compare Against Pre-computed Table]
        C --> D[All Phone Numbers Hashed in Advance]
        D --> E[Match Found in Milliseconds]
        E --> F[Phone Number Recovered]
        F --> G[Owner Identity Determined]
    end
    subgraph "Why Hashing Alone Fails"
        H[Phone Numbers: ~10 Billion Combinations]
        I[SHA-256 of All Numbers: Minutes to Compute]
        J[Lookup Time: Milliseconds]
    end
```
Hash reversal attack on AirDrop - low entropy inputs make hash-only protection ineffective
For email addresses, the attack is harder but not impossible. Common email patterns (firstname.lastname@gmail.com) can be enumerated using public data sources. Corporate email addresses follow predictable patterns. The researchers noted that while email hash reversal is not as trivial as phone number reversal, it remains feasible for targeted attacks.
The researchers proposed using Private Set Intersection (PSI) protocols as a fix - cryptographic techniques designed specifically for contact matching without revealing contact information. Apple did not adopt this recommendation.
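As an added illustration (not part of the original article, and not Apple's or the Darmstadt team's code), the following Python puts the two contact-matching approaches discussed above side by side. The first part hashes a constructed toy range of phone numbers with a truncated SHA-256 and shows that a precomputed table inverts any such hash with a single dictionary lookup; the 4-byte truncation and the number range are assumptions for the demo, not Apple's real parameters. The second part implements the classic Diffie-Hellman-style Private Set Intersection that the researchers recommended: each side blinds its hashed identifiers with a fresh per-session secret exponent, so the only thing either party learns is which identifiers match, and the values that cross the wire change every session, which makes a precomputed table useless. The 127-bit Mersenne prime keeps the demo fast and is far too small for real use; both sides must also canonicalize identifiers identically before hashing, which the demo assumes.

```python
import hashlib
import secrets

# ---------- Part 1: hash-only matching over a small input space ----------

TRUNCATION_BYTES = 4  # assumption for the demo; the real truncation length is not on the page


def truncated_phone_hash(phone: str) -> bytes:
    """Truncated SHA-256 of the digits of a phone number (toy stand-in for the hash-only scheme)."""
    digits = "".join(ch for ch in phone if ch.isdigit())
    return hashlib.sha256(digits.encode()).digest()[:TRUNCATION_BYTES]


def build_lookup_table(prefix: str, span: int) -> dict:
    """Precompute every hash in a constructed toy range: prefix + 0 .. prefix + (span - 1).

    A national numbering plan is only on the order of 10^10 numbers, so the same loop
    over a whole plan finishes in minutes; this is the low-entropy argument from the
    text, not a special trick.
    """
    width = len(str(span - 1))
    table = {}
    for n in range(span):
        number = f"{prefix}{n:0{width}d}"
        table[truncated_phone_hash(number)] = number
    return table


def reverse_truncated_hash(h: bytes, table: dict):
    """'Reversal' is just indexing the table; returns None if the hash is outside the range."""
    return table.get(h)


# ---------- Part 2: Diffie-Hellman style Private Set Intersection ----------

P = (1 << 127) - 1  # Mersenne prime 2^127 - 1; toy size, far too small for real deployments


def hash_to_group(identifier: str) -> int:
    """Map an identifier to a non-trivial element of Z_P^* (0 and 1 are excluded)."""
    h = int.from_bytes(hashlib.sha256(identifier.encode()).digest(), "big") % P
    return h if h > 1 else 2


class PsiParty:
    """One side of the protocol: its identifiers plus a fresh per-session secret exponent."""

    def __init__(self, items):
        self.items = list(items)
        self.secret = secrets.randbelow(P - 3) + 2  # uniform in [2, P-2]

    def blind_own(self):
        """H(x)^secret for each own item; this is all that goes on the wire."""
        return [pow(hash_to_group(x), self.secret, P) for x in self.items]

    def blind_peer(self, blinded):
        """Raise the peer's already-blinded values to our own secret."""
        return [pow(v, self.secret, P) for v in blinded]


def psi_intersection(alice: PsiParty, bob: PsiParty):
    """Alice learns which of her items Bob also holds, and nothing else about Bob's set."""
    a_blinded = alice.blind_own()                  # Alice -> Bob:   H(x)^a
    a_double = bob.blind_peer(a_blinded)           # Bob -> Alice:   H(x)^(ab)
    b_blinded = bob.blind_own()                    # Bob -> Alice:   H(y)^b
    b_double = set(alice.blind_peer(b_blinded))    # Alice locally:  H(y)^(ba)
    # (H(x)^a)^b == (H(y)^b)^a exactly when x == y, so equality reveals matches only.
    return [x for x, v in zip(alice.items, a_double) if v in b_double]


if __name__ == "__main__":
    table = build_lookup_table("+1555", 10_000)       # constructed toy range
    h = truncated_phone_hash("+1 (555) 0042")
    print("hash-only:", h.hex(), "->", reverse_truncated_hash(h, table))

    sender = PsiParty(["+15550042", "sender@example.com"])
    recipient = PsiParty(["+15550042", "+15559999", "friend@example.com"])
    print("PSI intersection:", psi_intersection(sender, recipient))
    # Fresh secrets per session: the same identifier never yields the same wire value twice,
    # so there is nothing to precompute a table against.
    print("wire value repeats:",
          PsiParty(["+15550042"]).blind_own() == PsiParty(["+15550042"]).blind_own())
```

The design point is the one the text makes: a hash of a low-entropy identifier is a deterministic, unkeyed function of that identifier, so whoever can enumerate the input space can tabulate it once and answer every future query instantly. The PSI variant keeps the hashing but adds a secret exponent that exists only for one session, so the wire values are unlinkable across sessions and equality can only be tested by a party that holds the matching secret.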
Cyber Flashing Incidents
Beyond the hash leak vulnerability, AirDrop has been widely abused for "cyber flashing" - sending unsolicited explicit images to strangers. When AirDrop is set to receive from "Everyone," a preview of the incoming file appears on the recipient's screen before they accept or decline it. For images, this preview is large enough to display explicit content.
Documented incidents include widespread reports on the New York City subway system, where commuters received unsolicited explicit images via AirDrop during their commute. Similar reports surfaced on the London Underground, on commercial flights, and in other enclosed public spaces where people are in close proximity for extended periods.
Law enforcement has struggled with these cases. In many jurisdictions, existing indecent exposure laws were written for physical acts and do not clearly cover digital transmission. Some jurisdictions have since updated their laws. Texas passed a law in 2019 specifically criminalizing the sending of unsolicited explicit images by any electronic means. The UK's Online Safety Act (2023) includes provisions covering cyber flashing.
Censorship Circumvention and Government Surveillance
AirDrop gained unexpected political significance in China during the 2022 protests against COVID-19 restrictions. Protesters used AirDrop to distribute pamphlets and images to strangers on public transit, bypassing internet censorship and messaging app surveillance. AirDrop's peer-to-peer nature meant the content was never transmitted through network infrastructure that the government could monitor.
The Chinese government responded by reportedly working to crack the AirDrop contact matching hashes - the same vulnerability the Darmstadt researchers had identified. In January 2024, reports indicated that a Beijing-based forensics firm had developed tools to identify AirDrop senders by reversing the phone number and email hashes exchanged during the discovery process.
Apple subsequently introduced a 10-minute timeout for the "Everyone" AirDrop setting in iOS 16.1 (November 2022), initially deployed only in China. After the timeout, AirDrop reverts to "Contacts Only." This change was later rolled out globally in iOS 16.2. Critics noted that the timing coincided with the Chinese government's efforts to suppress AirDrop-based protest communication.
Apple's Response
Apple has made several changes to AirDrop in response to both the privacy vulnerability and the abuse problems.
In iOS 16.1 (2022), the default AirDrop setting was changed to "Contacts Only" for new devices and fresh installations. Previously, some regions defaulted to "Everyone." The 10-minute timeout for the "Everyone" setting was added in iOS 16.1 for China and iOS 16.2 globally.
These changes reduced the abuse surface but did not address the underlying hash leak vulnerability. The contact matching protocol still uses the same truncated SHA-256 hashes that the Darmstadt researchers demonstrated could be reversed. Apple has not publicly acknowledged the hash reversal vulnerability or committed to implementing a more secure contact matching protocol.
The Role of BLE in AirDrop
AirDrop's BLE advertisements are continuously broadcast by Apple devices, even when AirDrop is not actively being used. These BLE advertisements contain rotating identifiers that Apple uses for device discovery across its ecosystem - including AirDrop, Handoff, and other Continuity features.
Researchers have shown that these BLE advertisements leak device state information: whether the screen is on, whether the device is locked, the operating system version, and in some cases, partial device identifiers. A passive BLE scanner in a crowded space can observe these advertisements from every Apple device in range.
The BLEShark Nano's BLE scanning capability can detect and log these Apple BLE advertisements, showing the density and behavior of Apple devices in a given area. For security researchers and penetration testers, this provides visibility into the BLE environment and the devices that populate it.
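The passive-scanner observation above, as an added Python example that is not from the original article and is not BLEShark Nano software: it parses BLE advertising payloads using the standard length/type/value layout, recognizes Apple's public Bluetooth SIG company identifier (0x004C) in manufacturer-specific data, and tallies which Continuity message types each Apple device in a scan is broadcasting. The message type codes (0x05 AirDrop, 0x0C Handoff, 0x10 Nearby Info) come from public reverse-engineering of the protocol and are treated as assumptions here; the field layouts inside each message are deliberately not modeled, and the sample advertisements are constructed inline rather than captured. The same tally run against your own devices shows which Continuity features are advertising themselves and how often.

```python
# Apple's Bluetooth SIG company identifier (0x004C) is public. The Continuity message
# type codes below come from public reverse-engineering work and are assumptions here;
# the sample advertisements are constructed, not captured.
APPLE_COMPANY_ID = 0x004C
AD_TYPE_FLAGS = 0x01
AD_TYPE_MANUFACTURER = 0xFF
CONTINUITY_TYPES = {0x05: "AirDrop", 0x0C: "Handoff", 0x10: "Nearby Info"}


def parse_ad_structures(payload: bytes):
    """Split a BLE advertising payload into (ad_type, data) pairs per the standard LTV layout."""
    out = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:           # a zero-length structure terminates the payload
            break
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure")  # malformed: refuse rather than over-read
        ad_type = payload[i + 1]
        data = payload[i + 2 : i + 1 + length]
        out.append((ad_type, data))
        i += 1 + length
    return out


def manufacturer_data(payload: bytes):
    """Return (company_id, data) from the manufacturer-specific AD structure, or None."""
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_TYPE_MANUFACTURER and len(data) >= 2:
            return int.from_bytes(data[:2], "little"), data[2:]
    return None


def apple_continuity_messages(payload: bytes):
    """Parse the TLV list inside an Apple manufacturer AD into (type, value) pairs."""
    md = manufacturer_data(payload)
    if md is None or md[0] != APPLE_COMPANY_ID:
        return []
    body = md[1]
    msgs = []
    i = 0
    while i + 2 <= len(body):
        t, ln = body[i], body[i + 1]
        value = body[i + 2 : i + 2 + ln]
        if len(value) < ln:
            break  # truncated TLV: keep what parsed cleanly so far
        msgs.append((t, value))
        i += 2 + ln
    return msgs


def summarize(advertisements):
    """Count Apple vs. other advertisers and tally the Continuity message types seen."""
    summary = {"apple": 0, "other": 0, "messages": {}}
    for adv in advertisements:
        md = manufacturer_data(adv)
        if md is None:
            continue
        if md[0] != APPLE_COMPANY_ID:
            summary["other"] += 1
            continue
        summary["apple"] += 1
        for t, _ in apple_continuity_messages(adv):
            name = CONTINUITY_TYPES.get(t, f"unknown_0x{t:02x}")
            summary["messages"][name] = summary["messages"].get(name, 0) + 1
    return summary


def build_advertisement(company_id: int, tlvs) -> bytes:
    """Construct a sample payload: a flags AD followed by a manufacturer AD carrying the TLVs."""
    body = b"".join(bytes([t, len(v)]) + v for t, v in tlvs)
    mfr = company_id.to_bytes(2, "little") + body
    return bytes([2, AD_TYPE_FLAGS, 0x1A]) + bytes([len(mfr) + 1, AD_TYPE_MANUFACTURER]) + mfr


# Constructed sample scan: two Apple devices and one non-Apple device (Nordic Semiconductor, 0x0059).
SAMPLE_SCAN = [
    build_advertisement(APPLE_COMPANY_ID, [(0x05, bytes(12))]),                     # AirDrop-type message
    build_advertisement(APPLE_COMPANY_ID, [(0x10, bytes(5)), (0x0C, bytes(8))]),    # Nearby Info + Handoff
    build_advertisement(0x0059, [(0x01, b"\x00")]),                                 # opaque non-Apple data
]

if __name__ == "__main__":
    print(summarize(SAMPLE_SCAN))
```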
Broader Privacy Implications
The AirDrop case illustrates a recurring pattern in consumer technology: convenience features that leak privacy-sensitive information through their wireless protocols. AirDrop was designed to make file sharing effortless. The contact matching feature was designed to let users share with known contacts while blocking strangers. Both design goals are reasonable.
But the implementation used a cryptographic approach (hashing) that does not provide the privacy guarantees it appears to offer. Hashing is not encryption. When the input space is small enough to enumerate, hashing provides no meaningful protection against a determined attacker. This is a well-known limitation in cryptography, and secure alternatives (like Private Set Intersection) exist. The choice to use simple hashing over a more robust approach traded privacy for implementation simplicity.
For users, the practical advice is straightforward: keep AirDrop set to "Contacts Only" or "Receiving Off" unless you are actively expecting a file from a nearby person. Understand that enabling "Everyone" mode exposes information about your device and potentially your identity to any nearby Apple device - or any nearby BLE scanner.