China Cracks Apple’s AirDrop to Extract Phone Numbers and Emails from Alleged Threat Actors

Filip TRUȚĂ

January 10, 2024


China is cracking down on Apple’s AirDrop close-range wireless communication protocol in a bid to stop alleged malicious actors from sending “illegal” files to members of the public.

The Chinese government has long controlled how Apple customers consume and share content inside the Great Firewall. Activists in China have few tools at their disposal to speak out, leading many to employ Apple’s AirDrop feature to covertly share content with nearby iPhone users.

As highlighted by Bloomberg, pro-democracy protesters in 2019 widely used AirDrop to share slogans in Hong Kong.

Now, a Chinese state-backed institution claims to have found a way to identify users who send messages via AirDrop “as part of broader efforts to root out undesirable content,” the news agency reports.

According to Beijing, “people with malicious purposes […] use this function to transmit illegal pictures, videos, audio and other files, such as illegally delivering and spreading bad information to nearby people in crowded places such as subways, buses, shopping malls, etc.”

The post, published on sfj.beijing.gov, claims some people reported receiving “a video with inappropriate remarks” during their daily commute.

“After preliminary investigation, the police found that the suspect used the AirDrop function of the iPhone to anonymously spread the inappropriate information in public places,” the Chinese government claims. “Due to the anonymity and difficulty of tracking AirDrop, some netizens have begun to imitate this behavior. Therefore, it is necessary to find the sending source and determine its identity as soon as possible to avoid negative impacts.”

The government tasked the Beijing Wangshendongjian Forensic Appraisal Institute to crack AirDrop’s veil of anonymity and identify the alleged culprits.

The institute allegedly made a “technological breakthrough” and indeed managed to crack an iPhone’s encrypted device log to identify the phone numbers and emails of AirDrop senders.

“Forensic technical experts from the Beijing Wangshendongjian Forensic Appraisal Institute conducted an in-depth analysis of iPhone device logs to clarify the transmission principle and found records related to AirDrop,” reads the Google-translated announcement.

“After inspection, it was found that the fields related to the sender's device name, email address, and mobile phone number were recorded in the form of hash values, and some of the hash value fields were hidden,” Beijing says. “In order to quickly crack this field, the technical team created a detailed ‘rainbow table’ of mobile phone numbers and email accounts, which can convert the cipher text into original text and quickly lock the sender's mobile phone number and email account.”

Using the method, Chinese police were able to “identify multiple suspects involved in the case.” It isn’t clear if any arrests were made.
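The weakness the announcement describes is that a hash of a low-entropy identifier can be matched against a precomputed table of every possible input. The following is an added example, not code from the announcement, the institute or Apple: it assumes SHA-256, uses a constructed 10,000-number space with a made-up prefix, and uses a plain lookup table in place of a rainbow table. It measures how many candidates remain for a full unsalted digest, for a digest truncated to one byte, and for a keyed digest whose secret the table builder does not have.

```python
import hashlib
import hmac

# Constructed number space: made-up prefix + 4 digits = 10,000 candidates.
PREFIX = "+0000000"
NUMBER = PREFIX + "4242"          # constructed "sender" identifier
DEVICE_KEY = b"\x11" * 32         # hypothetical per-device secret

def candidates():
    return (f"{PREFIX}{i:04d}" for i in range(10_000))

def plain_digest(identifier, keep_bytes=32):
    """Unsalted SHA-256, optionally truncated as a 'hidden' field would be."""
    return hashlib.sha256(identifier.encode()).digest()[:keep_bytes]

def keyed_digest(identifier, key, keep_bytes=32):
    """HMAC-SHA-256: the digest depends on a secret the table builder lacks."""
    return hmac.new(key, identifier.encode(), hashlib.sha256).digest()[:keep_bytes]

def build_table(digest_fn):
    """Precompute digest -> identifiers for the whole candidate space."""
    table = {}
    for ident in candidates():
        table.setdefault(digest_fn(ident), []).append(ident)
    return table

def lookup(table, observed):
    return table.get(observed, [])

def anonymity_sets():
    """Candidates matching the logged value under each scheme."""
    full = lookup(build_table(plain_digest), plain_digest(NUMBER))
    short = lookup(build_table(lambda s: plain_digest(s, 1)),
                   plain_digest(NUMBER, 1))
    guessed_key = b"\x00" * 32    # table builder does not know DEVICE_KEY
    keyed = lookup(build_table(lambda s: keyed_digest(s, guessed_key)),
                   keyed_digest(NUMBER, DEVICE_KEY))
    return {"full": full, "truncated_1_byte": short, "keyed": keyed}

if __name__ == "__main__":
    for scheme, hits in anonymity_sets().items():
        print(f"{scheme}: {len(hits)} matching candidate(s)")
```

A real numbering plan is far larger than this constructed space but still finite and enumerable, so an unsalted digest of a phone number should be treated as equivalent to the number itself when deciding what a log may retain.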

Even if so-called rogue citizens were indeed spreading malicious content on subways, it’s still unnerving that China is so bent on cracking down on anonymous communication.

When the AirDrop pro-democracy protests broke out in 2019 in China, Apple was forced to put a 10-minute limit on the option to send and receive content from “Everyone.”

It remains to be seen if Apple responds to Beijing’s crackdown with a patch, or if it moves to implement yet another round of amendments to AirDrop’s underlying wireless protocols.

Author


Filip TRUȚĂ

Filip has 15 years of experience in technology journalism. In recent years, he has turned his focus to cybersecurity in his role as Information Security Analyst at Bitdefender.
