Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Why doesn't Apple fix known AirDrop security flaws

7 views
Skip to first unread message

cris

unread,
Apr 23, 2021, 7:49:38 PM4/23/21
to
https://mashable.com/article/apple-airdrop-security-flaw/

We reached out to Apple to confirm the findings and to ask if indeed it was
alerted to the vulnerability in 2019. We received no immediate response.

Notably, this is not the first questionable privacy situation tied to
AirDrop. In 2019, researchers discovered that they were able to determine
users' phone numbers based on the partial hashes AirDrop sends out.

It's not clear if that concern was ever addressed by Apple, especially as
the vulnerability disclosed this week appears similar in nature.

Lewis

unread,
Apr 24, 2021, 4:17:19 AM4/24/21
to
In message <s5vmee$m05$1...@neodome.net> cris <cr...@removespam.me.com> wrote:
> https://mashable.com/article/apple-airdrop-security-flaw/

> We reached out to Apple to confirm the findings and to ask if indeed it was


Once gain, you post links without information on what the link actually
is.

It appears athat this "flaw" effects people who accept a AirDrop from an
unknown person. There are several false click-bait statements in the article,
including that airdrop is used to harrass people by sending them
questionable and unwanted pictures.

This is bullshit, since you have to ACCEPT AirDrop requests, and click
to open them.

In short, this flaw is largely meaningless and the upshot is "don't
accept AirDrop request from people you don't know" which is something
even a very stupid person should already know.

--
"Why, you stuck-up, half-witted, scruffy-looking... NERFHERDER!"
"Who's Scruffy looking?"

cris

unread,
Apr 24, 2021, 9:26:09 AM4/24/21
to
On 24/04/2021 08:17, Lewis wrote:

> Once gain, you post links without information on what the link actually
> is.

The main news is in the title which is a question as to why Apple doesn't
fix it even though it has existed for years and is all over the recent news.

It's certainly a privacy leak.
https://9to5mac.com/2021/04/23/airdrop-flaw/

Why wouldn't Apple fix a zero-click privacy leak by default?

> It appears athat this "flaw" effects people who accept a AirDrop from an
> unknown person. There are several false click-bait statements in the article,
> including that airdrop is used to harrass people by sending them
> questionable and unwanted pictures.

This is a zero-click flaw when you use the default AirDrop settings.
https://www.macrumors.com/2021/04/23/airdrop-researchers-security-flaw/

The question is why doesn't Apple care to fix a zero click privacy leak?

> This is bullshit, since you have to ACCEPT AirDrop requests, and click
> to open them.

This is a zero click privacy leak when the device is set to the defaults.
That's not in question.

What's in question is why doesn't Apple fix this zero click privacy leak?
https://thecyberwire.com/newsletters/privacy-briefing/3/78

> In short, this flaw is largely meaningless and the upshot is "don't
> accept AirDrop request from people you don't know" which is something
> even a very stupid person should already know.

Nobody but you and Apple are apparently thinking it's meaningless.
https://www.tomsguide.com/news/apple-airdrop-flaw-exposes-15-billion-devices-what-to-do

Given it's a zero click privacy leak by default why doesn't Apple fix it?

Lewis

unread,
Apr 24, 2021, 1:48:34 PM4/24/21
to
In message <s6169d$d26$1...@neodome.net> cris <cr...@removespam.me.com> wrote:
> On 24/04/2021 08:17, Lewis wrote:

>> Once gain, you post links without information on what the link actually
>> is.

> The main news is in the title which is a question as to why Apple doesn't
> fix it even though it has existed for years and is all over the recent news.

> It's certainly a privacy leak.
> https://9to5mac.com/2021/04/23/airdrop-flaw/

> Why wouldn't Apple fix a zero-click privacy leak by default?

Because for 99.999% of iPhone users it is a non-issue. How often do you
open up AirDrop to scan for nearby people? Have you ever done it? I have
done it twice, both times were when I was somewhere without cellular
service and wanted to exchange photos with people in our group (once on
a cruise ship, once on a zodiak boat off the shore of Alaska).

> This is a zero-click flaw when you use the default AirDrop settings.

It is not a zero click flaw, since you have to open the AirDrop sharing
screen and scan for nearby devices.

"All they require is a Wi-Fi-capable device and physical proximity to a
target that initiates the discovery process by opening the sharing pane
on an iOS or macOS device."

NB: "to a target that initiates the discovery process"

> The question is why doesn't Apple care to fix a zero click privacy leak?

Because it is not a zero-click privacy leak and it is a very narrow
ege-case that will affect nearly no one.

>> This is bullshit, since you have to ACCEPT AirDrop requests, and click
>> to open them.

> This is a zero click privacy leak when the device is set to the defaults.
> That's not in question.

Ah, there is the shitbag troll. You snipped what I said so you could
reply with something entirely irrelevant. What I said, that you snipped,
you shithead troll cunt, is that the article you first posted contained
bullshit and lies, caliming that AirDrop was used to harrass people.
This si a lie, since you have to ACCEPT AirDrop files and links.

So you can fuck off now and crawl back into your shithole, Arleen
Sockpuppet.


--
"Are you pondering what I'm pondering?"
"I think so, Brain, but isn't a cucumber that small called a
gherkin?"

cris

unread,
Apr 24, 2021, 10:05:58 PM4/24/21
to
On 24/04/2021 17:48, Lewis wrote:

> "All they require is a Wi-Fi-capable device and physical proximity to a
> target that initiates the discovery process by opening the sharing pane
> on an iOS or macOS device."

Satisfied with what I quoted yet?

Now you can get to the question which was asked of why doesn't Apple fix it?
0 new messages