The Chinese government has claimed that it has found a way to identify individuals who send messages via the iOS AirDrop feature, in spite of Apple’s encryption. According to reports from Bloomberg, the Beijing institute that developed the state-sponsored hack has boasted about its success in making it easier for police to identify suspects.
The Beijing Judicial Appraisal Institute stated that the forensic appraisal of the case of improper information disseminated through AirDrop on mobile phones broke through the technical difficulties of anonymous traceability through AirDrop and improved the efficiency and accuracy of case-solving. The case study that revealed the AirDrop encryption crack involved improper messages sent on the metro to everyone nearby who had the AirDrop feature turned on. The Beijing Wangshendongjian Forensic Appraisal Institute created a 10-person team to apply the hacking knowledge, including 6 forensic engineers and the relevant certified equipment.
The forensic technical experts from the Beijing Wangshendongjian Forensic Appraisal Institute conducted an in-depth analysis of iPhone device logs to clarify the transmission principle and found records related to AirDrop. On inspection, the fields related to the sender’s device name, email address, and mobile phone number were found to be recorded as hash values, and some of the hash value fields were hidden. To crack these fields quickly, the technical team created a detailed “rainbow table” of mobile phone numbers and email accounts, which can convert the hash values back into the original text and quickly pin down the sender’s mobile phone number and email account.
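Why hashing gives little anonymity for identifiers such as phone numbers, shown as an added example that is not from the institute's report or from Apple: the candidate space is small enough to hash in full ahead of time, while a digest computed under a secret key is not found in such a table. SHA-256, the constructed number range, and the function names are assumptions, a plain lookup table stands in for the rainbow table, and the sketch does not model AirDrop's actual protocol.

```python
import hashlib
import hmac
import secrets

# Constructed candidate space: 10,000 fictional numbers, not real subscribers.
CANDIDATES = [f"+1555010{n:04d}" for n in range(10_000)]


def plain_digest(identifier: str) -> str:
    """Unkeyed hash of an identifier (SHA-256 is an assumption)."""
    return hashlib.sha256(identifier.encode()).hexdigest()


def keyed_digest(identifier: str, key: bytes) -> str:
    """The same identifier hashed under a secret key (HMAC-SHA-256)."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).hexdigest()


def build_table(candidates, digest):
    """Precompute digest -> identifier for every candidate."""
    return {digest(c): c for c in candidates}


def recover(logged_digest: str, table: dict):
    """Return the identifier behind a logged digest, or None if absent."""
    return table.get(logged_digest)


def demo():
    sender = "+15550104242"  # constructed sender number
    table = build_table(CANDIDATES, plain_digest)

    # Unkeyed hash: the logged value maps straight back to the number.
    unkeyed_hit = recover(plain_digest(sender), table)

    # Keyed hash: without the key, the precomputed table has no matching entry.
    device_key = secrets.token_bytes(32)
    keyed_hit = recover(keyed_digest(sender, device_key), table)
    return unkeyed_hit, keyed_hit


if __name__ == "__main__":
    print(demo())
```

The design point for anyone logging or transmitting hashed contact identifiers is that the protection comes from the secrecy of the key or the size of the input space, not from the hash function itself.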
The significant news here is that a Chinese government entity has managed to crack Apple’s AirDrop messaging encryption in order to identify message senders. This raises concerns about privacy and surveillance. Apple has previously made changes to the AirDrop feature in China due to protestors using it to disseminate antigovernmental messages and posters. However, the Chinese government’s ability to identify message senders through this hack could have a chilling effect on the use of AirDrop for various purposes.