Attack of the week: Airdrop tracing – A Few Thoughts on Cryptographic Engineering

Chewy@discuss.tchncs.de to Technology@lemmy.world – 74 points –
Attack of the week: Airdrop tracing
blog.cryptographyengineering.com
7

This is a very good article that explains what airdrop is and what the problem is. I'm not an iphone user so I had no clue about any of it before.

I remember sending pictures to friends since bluetooth was on dumb phones, but apple really needs their own special name.

There was a thing called Bump like a decade ago that just disappeared for some reason. Android also had a way to stick phones together and you could just send whatever you had on your screen.

And ever since, sharing between people has become so difficult, nobody uses it. I don't understand why it's had to be this was and that only just now Google and Samsung are getting it together with Nearby Share.

You can still open Nearby Share on the sender phone and touch it on the other phone to start sending.

I keep airdrop off primarily for battery conservation and to avoid false/prank drops, but it’s nice to know I’ve been avoiding this risk as well.

Unfortunately most iPhone users I know forget airdrop even exists and it just stays on constantly.

Why not just add a timestamp that rotates every, say 5 seconds, to the hashed data?

That would make it infeasible to precompute the table permanently (it would have to be precomputed for a very narrow attack window, which is still better than nothing)