this post was submitted on 10 Jan 2024
103 points (91.9% liked)

Technology

59627 readers
2911 users here now

This is a most excellent place for technology news and articles.


Our Rules


  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots


founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
[–] Nomad@infosec.pub 4 points 10 months ago (1 children)

No shit Sherlock. The encryption uses the phone number of the user for hashing. Building a rainbow table for all phone numbers is childsplay.

They use a weakness in the protocol to identify the senders number. They can't see what they send, but who sent something and when and to who.

[–] Ghostalmedia@lemmy.world 14 points 10 months ago* (last edited 10 months ago) (2 children)

Someone correct me if I’m wrong, but it looks like there are two hashes. A short one based on the iCloud account’s email address or phone number, and a long 2048-bit RSA identity that gets stored on the device after logging into iCloud.

It looks like the short identity is basically just used for that initial airdrop screen where you find available targets to airdrop to, but the actual longer, more secure, hash is required for the actual file transfer.

That might explain why finding airdrop contacts is kind of snappy, but there is a bit of a delay after you initiate a transfer.

https://support.apple.com/guide/security/airdrop-security-sec2261183f4/web

Edit: one more thought. If this really was that easy to crack, wouldn’t China have done this years ago? The CCP has been targeting Airdrop for a long long time.

[–] ripcord@lemmy.world 2 points 10 months ago (1 children)

Thank you, incidentally, for contributing so much to Lemmy. You are great.

[–] Ghostalmedia@lemmy.world 1 points 10 months ago

Thanks! Right back at ya!

[–] Nomad@infosec.pub 1 points 10 months ago

Sounds about right. Might be they have some man in the middle shenannigans going on with permanently installed hardware in the subway, but I doubt it. That would be a race condition that you might win with a lot more signal strength, but still...