Chinese Hackers

[kyonides]

China Says It Cracked Apple’s AirDrop Encryption to Track Senders

Chinese authorities have claimed that they can identify individuals who use Apple’s wireless file-sharing tool to spread content that Beijing considers “inappropriate.”

Experts had managed to identify the phone number and email address of an AirDrop sending device using logs found on the receiving device, the Beijing Municipal Bureau of Justice said in an article published on Jan. 8. That allows local police to find “several suspects” who use the iPhone feature to transmit files containing what authorities have referred to as “inappropriate remarks,” according to the agency.

AirDrop, designed to function over short distances, was created as a program reliant on direct connections between phones. By forming a local network of devices without relying on the internet to communicate, AirDrop makes it hard for authorities to regulate “through conventional network monitoring methods,” according to the article.

The file-sharing feature, which is available on iPhones and other Apple devices, has been a critical tool for protesters in both mainland China and Hong Kong to evade censorship and maintain communication. Users can’t review the transmission history, and the recipient’s device may only show the user-defined name of the sender.

The Beijing judicial agency stated in the article that experts extracted AirDrop’s encrypted records by analyzing the iPhone’s logs. They praised experts from Beijing Wangshendongjian Technology Co. Ltd., a local forensic appraisal institute, for assisting authorities to “break through technical difficulties of tracing anonymous AirDrops.”

AirDrop was used widely as a communication tool during Hong Kong’s pro-democracy protests in 2019. Demonstrators deployed the program to bypass China’s so-called Great Firewall, delivering crucial messages to the public and ensuring ongoing communication among themselves.

In late 2022, after protests against Beijing’s draconian COVID-19 measures erupted in Shanghai and other major Chinese cities, Apple restricted the sharing feature in the mainland following reports that young demonstrators used the AirDrop function to share images and slogans denouncing the Chinese Communist Party (CCP) and its leader, Xi Jinping.

On Nov. 9, 2022, Apple released iOS 16.1.1., a new version of its mobile operating system. The tech firm noted that the “update includes bug fixes and security updates and is recommended for all users.” However, Chinese readers of 9to5Mac, a website covering news about Apple and its products, noticed a modification in the update that was specific to iPhones sold in China.

Following the operating system update, AirDrop on iPhones sold in China can only be configured to receive messages from “everyone” for 10 minutes before switching off. Typically, AirDrop users can choose to receive files from “everyone”—contacts and noncontacts—for an unlimited time. Before the update, the “everyone” setting could be turned on permanently on Chinese iPhones.

Apple has stated that the feature was an effort to cut down on spam content sent in crowded areas such as malls, and it originally planned to roll out the feature globally starting in 2023.

However, Apple hasn’t offered an explanation as to why it chose China to be the first country with AirDrop restrictions.

For years, Apple kept Chinese customers’ data locally on servers run by a state-owned company, adhering to Beijing’s request to keep information within its borders.

Experts have pointed out that this method gives the CCP unfettered access to consumer data. Apple, in response, stated that it holds encryption keys to the data stored in those server facilities and has “never compromised the security” of its users and their data.
This local storage means that although the United States has laws against companies sharing data with Chinese authorities, Beijing can demand the data from the server storage company rather than from Apple.

Apple has already been subjected to restrictions in China, one of the company’s biggest markets and responsible for nearly 20 percent of the Cupertino, California-based firm’s revenue.

Multiple media outlets reported in September 2023 that Beijing instructed state employees and officials at some government agencies to not use iPhones and other foreign cell phones for work ... These officials, who spoke on the condition of anonymity for fear of reprisal, said there were no formal documents regarding that order.

When asked about the reported iPhone ban at a briefing at the time, a Chinese Foreign Ministry official didn’t directly comment on the issue but said phone companies operating in China must adhere to its laws and regulations.