Airdrop:

• 2019 年 5 月
  • 德国 - 达姆施塔特工业大学 （德语：Technische Universität Darmstadt）
    • 漏洞调查小组警告苹果公司其 AirDrop 存在安全漏洞，原因是 SHA-256 加密过于老旧，他们宣称自己从 2017 年开始做各类逆向研究。
• 2020 年 7 月
  • 苹果公司表示“没有对新功能进行任何更新，或缓解潜在问题的任何更改。”
• 2020 年 10 月
  • 同年三个月后，该团队直接向苹果公司发送了该问题的解决方案和示例代码，将代码以 PrivateDrop 的 demo 形式公开发布在GitHub上, 该方法可以防止 hash 值被破解。

May 2019 Germany - Technische Universität Darmstadt (German: Technische Universität Darmstadt) The vulnerability investigation team warned Apple that its AirDrop has a security flaw due to the old SHA-256 encryption, saying it started doing various reverse engineering research in 2017. July 2020 Apple said it "has not made any updates with new features or any changes to mitigate potential issues." October 2020 Three months later in the same year, the team sent the solution and sample code to the problem directly to Apple, and published the code publicly on GitHub in the form of a PrivateDrop demo. This method can prevent the hash value from being cracked.

https://github.com/seemoo-lab/privatedrop

• 2021年
  • 该团队发布了针对 AirDrop 安全性更进一步的论文，指出 Apple AirDrop 安全性存在设计缺陷。

2021 The team published a paper that takes a closer look at AirDrop security, pointing to a design flaw in Apple's AirDrop security.

https://www.usenix.org/system/files/sec21fall-heinrich.pdf

• 2021 年 8 月
  • 上述论文在 21 年八月的 USENIX 安全会议上发布。据悉苹果已经收到了该论文的完整副本，并且对达姆施塔特团队表达了谢意。
• 2024 年 1 月
  • 该团队在其 GitHub 主页上更新中提到「2024 年1月，中国执法部门宣称已经“破解” Airdrop 」的方式，正是使用此安全漏洞。

August 2021 The above paper was released at the USENIX security conference in August 2021. It is reported that Apple has received a complete copy of the paper and has expressed its gratitude to the Darmstadt team. January 2024 The team mentioned in an update on its GitHub homepage that "in January 2024, Chinese law enforcement authorities claimed to have "cracked" Airdrop" by using this security vulnerability.

Breaking and Fixing Apple AirDrop