
Beijing Claims Chinese Tech Firm Has Cracked Apple’s AirDrop Sharing Encryption

Judicial officials in Beijing have announced that they now have the capability of cracking Apple’s AirDrop sharing encryption and identifying senders, after officials identified several people accused of sending “inappropriate information” to other passengers of the city subway system.

The city’s Justice Bureau says that Wangshendongjian Technology has provided it with the capability to capture mobile phone numbers and email addresses associated with the sending device. The announcement is ostensibly in response to mounting frustration with nuisance advertising and inappropriate content being pushed on the city’s public transit systems, but AirDrop sharing is also widely used as a secure means of anti-government protest in the country.

AirDrop sharing previously targeted by government after protests

AirDrop sharing allows Apple devices in close proximity to directly connect to each other for file transfers that do not require an internet connection. The feature can leverage a shared WiFi connection for faster transfers, but can also transfer entirely without internet between two devices that are in Bluetooth range of each other.

This has made it popular among government critics and dissidents, for the purposes of spreading literature and communicating securely during protest events. A series of vigorous protests against President Xi Jinping in late 2022 prompted the national government to push Apple to limit AirDrop functionality in the country. In response, Apple limited AirDrop sharing to people who have each other listed as contacts after an initial 10-minute window. As of iOS 16.2, Apple devices have now globally adopted a similar feature that requires users to manually revert to sharing with “everyone” in the area every 10 minutes. Apple has said that this is not about pressure from China, but to curb widespread problems of unsolicited sharing of sexual content with strangers.

In an online post, Beijing officials touted the “efficiency and accuracy of case-solving” that the new technology provides. However, they have yet to confirm that any of the suspects named using this technique have been arrested. Apple has yet to comment on the issue.

“Rainbow tables” may be behind AirDrop security issues

The actual security of AirDrop sharing has been in question since at least 2021, when researchers based in Germany published a paper documenting a flaw in the feature’s authentication mechanism. The researchers found that anyone in proximity to an AirDrop exchange could potentially perform a brute force attack to crack the hashing that protects the contact information of the sharing parties. Apple reportedly received internal notification of this flaw in 2019, but has yet to address it.

Security researchers have since at least partially verified that this theoretical attack works as advertised. The process that controls AirDrop sharing can be explored to find the name of the sending phone in plaintext along with hash values for its phone number and email. The key to the attack appears to be that the receiving phone stores these hashes locally, meaning that spies can authorize the transfer of a file and then take the information elsewhere to be cracked (a fairly trivial process to uncover phone numbers); alternatively, police could take it from a seized phone.

Further research by Ars Technica indicates that the protocol Apple uses to encrypt AirDrop sharing is insufficiently secure, and that the time normally taken to employ a brute force “dictionary” attack can be cut down by the use of pre-compiled “rainbow tables.” In theory this could allow the contact information to be extracted from hashes in just a few milliseconds, or potentially in real-time as a spy is physically near a message sender.
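Why a hash offers little protection for a phone number can be shown in a few lines. The sketch below is an added example, not code from Apple, the researchers or Ars Technica; SHA-256, the fictional number block, the sample number and the rate of one billion hashes per second are all assumptions made for illustration. It precomputes a lookup table (the simplest form of the idea behind rainbow tables) and shows that a per-record salt stops the table from working but not enumeration, because the real weakness is the small input space.

```python
import hashlib
import os

PREFIX = "1555010"   # constructed, fictional number block
DIGITS = 4           # 10**4 candidates here; a full numbering plan is far larger


def digest(number, salt=b""):
    # SHA-256 is an assumption of this example; the article does not name the hash.
    return hashlib.sha256(salt + number.encode()).hexdigest()


def candidates(prefix=PREFIX, digits=DIGITS):
    # Every number in the block, zero-padded to a fixed length.
    for i in range(10 ** digits):
        yield f"{prefix}{i:0{digits}d}"


def build_table():
    # Precompute digest -> number once; every later lookup is a dictionary hit.
    return {digest(n): n for n in candidates()}


def enumerate_salted(observed, salt):
    # A known salt defeats the precomputed table but not a walk over a small space.
    for n in candidates():
        if digest(n, salt) == observed:
            return n
    return None


def exhaust_seconds(digits, hashes_per_second):
    # Worst-case time to hash every number that has `digits` free digits.
    return 10 ** digits / hashes_per_second


def demo():
    table = build_table()
    number = "15550104242"   # constructed sample identifier
    salt = os.urandom(16)    # per-record random salt, stored beside the digest
    return {
        "unsalted_lookup": table.get(digest(number)),
        "salted_lookup": table.get(digest(number, salt)),
        "salted_enumeration": enumerate_salted(digest(number, salt), salt),
        "seconds_for_10_digits": exhaust_seconds(10, 1e9),  # assumed hash rate
    }


if __name__ == "__main__":
    print(demo())
```

The practical lesson for designers is that hashing, salted or not, does not anonymise an identifier drawn from a space this small.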

China and Apple have a complicated relationship, as the latter bases much of its manufacturing in the former and also has a massive customer base there. Questions about the Chinese government’s use of companies in this position to influence policy now date back over a decade. Apple now has a string of specific incidents of appearing to kowtow to China’s requests due to economic pressure, including removing apps from its store at the request of the government. Until recently, buying an iPhone had been seen as a simple (if pricey) way to get around China’s internet censorship policies as the regional App Store allowed for the download of geoblocked apps such as YouTube and Instagram.

AirDrop sharing has also always been an inherent security issue due to the fact that there is no file screening, making it possible for strangers to pass a malicious file to victims in this way. Protesters in China have been known to employ alternate Bluetooth communication methods such as Bridgefy, and secure messaging apps such as Telegram and Signal in conjunction with a VPN service that provides an adequate feature set.