Beijing Claims Success in Cracking Apple’s AirDrop Encryption
In a recent statement, the Beijing Municipal Bureau of Justice announced that the Beijing Wangshendongjian Forensic Appraisal Institute, working with the Chinese government, has reportedly cracked the encryption of Apple’s AirDrop. This feature, commonly used for transferring files between Mac and iOS devices, has been a target for analysis due to concerns about transmitting inappropriate content. The institute claims to have successfully revealed the sender’s device name, email address, and mobile phone number, previously protected by AirDrop’s encryption.
Exploiting a Reported Flaw in Apple’s AirDrop
The alleged crack is said to have exploited a reported flaw in Apple’s AirDrop protocol. According to the statement, the institute’s technical team created a detailed ‘rainbow table’ to convert the cipher text into original text, thereby quickly identifying the sender’s mobile phone number and email account. Beijing authorities deemed This move necessary to address cases where iPhones received inappropriate content in public places, particularly in the Beijing subway.
Contrarian Statement: Apple Informed of Flaw in 2019
Contrary to the recent claims, it’s reported that the flaw leading to the AirDrop crack was communicated to Apple by TU Darmstadt researchers in 2019. The institute’s exploit allegedly relied on Apple’s insecure use of hash functions for ‘obfuscating’ contact identifiers in the AirDrop protocol execution, a concern raised by security researchers back in 2019.
Potential Political Implications for Apple and China
If Apple had addressed the reported flaw before China exploited it, the situation might have been different. Cryptography expert Matthew Green emphasizes that fixing the flaw could have significant political implications for Apple’s relationship with China, especially considering the exploit’s use in evading censorship.
AirDrop’s Role in Protests and Limitations in China
AirDrop has played a role in pro-democracy protests, including the 2019 Hong Kong demonstrations. Reports indicate that it was used to share information about protests, making it challenging for authorities to monitor and control the flow of information. In response to such concerns, Apple limited file-sharing for Chinese iPhone users in 2022, further complicating the use of AirDrop for sharing files with unknown contacts.
AirDrop’s Security Concerns and China’s Exploitation
The revelation of China’s success in cracking AirDrop encryption raises broader questions about the security of popular features and the implications of such exploits. While the focus has been on addressing the immediate concerns of inappropriate content distribution, the long-term impact on user trust and the relationship between technology giants like Apple and countries like China remains to be seen. Apple has yet to respond to inquiries regarding the reported AirDrop vulnerability.