Security researchers warned Apple as early as 2019 about vulnerabilities in its AirDrop wireless sharing function that Chinese authorities claim they recently used to track down users of the feature, and even proposed a way to close the secuirty hole, but the company reportedly did nothing about it.
Sean Lyngaas and Brian Fung for CNN:
The Chinese government’s actions targeting a tool that Apple customers around the world use to share photos and documents — and Apple’s apparent inaction to address the flaws — revive longstanding concerns by US lawmakers and privacy advocates about Apple’s relationship with China and about authoritarian regimes’ ability to twist US tech products to their own ends.
The Chinese claim has alarmed top US lawmakers. Florida Sen. Marco Rubio, the leading Republican on the Senate Intelligence Committee, called on Apple to act swiftly.
“Anyone using an iPhone should be concerned with the security of Apple’s AirDrop function,” Rubio told CNN. “This breach is just another way for Beijing to target any Apple user it perceives to be an opponent. The time to act is now, and Apple must be held accountable for failing to safeguard its users against such blatant security breaches.”
A group of Germany-based researchers at the Technical University of Darmstadt, who first discovered the flaws in 2019, told CNN Thursday they had confirmation Apple received their original report at the time but that the company appears not to have acted on the findings. The same group published a proposed fix for the issue in 2021, but Apple appears not to have implemented it, the researchers said.
One of the researchers, Milan Stute, shared an email with CNN showing a representative of Apple’s product security team acknowledging the researchers’ report in 2019.
According to a separate 2021 analysis of the Darmstadt research by the UK-based cybersecurity firm Sophos, Apple appeared not to have taken the extra precaution of adding bogus data to the mix to further randomize the results — a process known as “salting.”
That apparent failure allowed the Chinese tech firm to more easily reverse-engineer the original information from the encrypted data, in what seems to be “kind of an amateur mistake” by Apple, said Sascha Meinrath, the Palmer chair in telecommunications at Penn State University. “It certainly merits an explanation from Apple since it would point to a serious flaw in their technology.”
MacDailyNews Take: Mistake – or intentional, given Apple’s crippling dependence on China – it’s not a good look for supposedly privacy- and security-focused Apple.
Apple is famously averse to greasing palms in order to get things done. That is laudable, but presents a problem when greasing palms is the only way out of a sticky situation. Luckily, there are respectable, legal ways to grease the required palms. – MacDailyNews, May 13, 2016
See also:
• China claims to have found way to identify AirDrop senders – January 9, 2024
• Is 2024 the year Apple’s crippling dependence on China finally blows up? – January 3, 2024
• Tim Cook firmly latched Apple onto China’s CCP teat. What’s his plan for weaning it off? – November 2, 2022
• Apple CEO Tim Cook signed secret $275+ billion deal with China in 2016 – December 7, 2021
• Why Apple’s $1 billion investment in Didi Chuxing is so weird – June 3, 2016
Please help support MacDailyNews. Click or tap here to support our independent tech blog. Thank you!
Support MacDailyNews at no extra cost to you by using this link to shop at Amazon.
Not difficult to imagine this scenario:
CCP: You’re moving production to Vietnam and India. You’ll soon be dead to us.
Cook: Along with investing billions each year in “environmental projects” in China (our leftist sap customers will eat that up), we’ll also leave that AirDrop tracking hole unpatched which should prove very useful for you.
CCP: Deal!
Tim Cook is a bad guy.
He’s got a lot of people fooled (not those running MacDailyNews, for sure).
“He’s a gay who cares about the planet!” the morons shout. Like the rest of the globalist elites, Cook laughs at you behind closed solid gold doors.
Hey, what did Apple get for their $1 billion investment in Didi Chuxing, Tim Cook’s second biggest investment next to Beats Electronics?
It’s not his sexuality that’s the problem, technically that’s not of concern, but his partnership and compliance with the CCP is everyone business. And now that Apple sales in China are down massively. Apple is in a loose loose situation. Do a deal with the devil and pay the price sooner or later. Heck even google and meta didn’t bend the knee to the CCPeePee
Is it any surprise that a company that has been caught with a few privacy/security “ooppsies” over the yrs and bends & bows to the #1 security state in the World, would slip and slide with such a matter discussed here?
I’ve long been conflicted with Apple’s presentation of the pristine when it comes to privacy. Being on the periphery, I’d bet a good amount of $$ that Apple is far dirtier than I’d ever guess. Any business that “cooperates” with govt requests isn’t automatically a colluder, but it opens wide the door to make it a realistic likelihood. Gone are the good days…shake the hand with the plutocracy.
Long ago I called for the firing of Tim Cook. The feckless knob slobbers here ridiculed me despite my calling out EVERYTHING that is wrong with Tim Cook today. This was visible and known to be coming YEARS ago. No matter how many one star comments I got, I never wavered and continually called for the firing of Tim Cook.
Today, ALL I see is 100% dissatisfaction with Tim Cook. Yeah, well welcome to my world. I called it way before rabid drooling morons that infect this place caught on.
Tim Cook is an unmitigated disaster for Apple. Everywhere you look Apple is one or more generations behind the newest technological movements. Imagine if Apple invested the tens of BILLIONS of dollars it crapped away setting up Apple TV+ into something like generative AI.
To the feckless Tim Cook knob slobbers: Nice of you to catch up.
FIRE Tim Cook!
Perhaps, if you developed some basic communication skills, people might be inclined to pay more attention to you.
Any way you look at it, Ed Snowden warned us that no phone is safe. Keep that in mind at all times. Data is what they’re after as data can be used to predict future tendencies and events. History repeats itself and all of history is data. Your history, my history and global history is there for the taking. Our phones are data collectors and as useful and helpful as they are, they also expose us to manifold risks.
Just consider your phone to be a silent third party with perfect memory and act accordingly.