AirDrop Encryption Broken, Chinese Censors Make Arrests
The Chinese government has arrested several individuals they accuse of sharing “inappropriate” material via AirDrop. For the past two years the anonymity provided by AirDrop, Apple’s local and peer-to-peer file sharing protocol, has made it a useful method for people in China, particularly Hong Kong, to dodge censorship. Government censors can watch internet traffic, but AirDrop doesn’t require an internet connection, so it could be used to proliferate memes and pamphlets critical of the Chinese government or leadership. Some memes and pamphlets were distributed by AirDrop randomly in crowded public places, such as train stations.
In November of 2022, under pressure from the Chinese state, Apple limited AirDrop functionality in China so that allowing your device to receive files from unknown senders could only be turned on for 10 minutes at a time. Now a Chinese forensics contracting firm named Wangshen Dongjian has created a tool capable of reaching into an iPhone’s memory to decrypt the logs recording the senders of past AirDrop transfers. If they have an iPhone that has received illicit material by AirDrop, then they can identify the phone number and email address of the sender. They’ve used this to identify and arrest several individuals.
Security researchers in Germany had already found the vulnerability in AirDrop back in 2019. They notified Apple and even supplied a potential fix in 2021, reports CNN. Evidently, Apple did not act on the tip.
The Bottom Line: We hope that Apple is finally working to update their AirDrop methods to either harden the encryption or, better yet, not retain past sender data to begin with. Until they succeed, visitors to China may wish to turn AirDrop off on their devices, just to avoid any accidental misunderstandings.
From my reading of the reports, it looks like Wangshen Dongjian’s tools require physical access to a “victim” phone to figure out who sent the offending files, so the exploit doesn’t seem valuable to scammers or hackers, only to government censors. But if they can crack the encryption on the logs, then they may be able to extract other information as well.
Apple Expected to Open European App Store with Sideloading
iPhones can only install apps from Apple’s own App Store. However, due to regulatory pressure from the European Union, Apple is reportedly poised to split their App Store into a European version and another for everyone else. The European version will allow users to add apps from other sources besides the App Store. Critics of Apple’s current system say that more sources of apps will lead to innovation and provide greater choice for iPhone users, while proponents say the limited selection available through Apple’s App Store is easier to police and more secure.
The Bottom Line: If you are based in Europe, then you may soon see an update to your iPhone to allow third-party app stores. I would recommend avoiding any third-party app store for privacy and security reasons.
Myanmar Rebel Militias Report Progress on Stopping Pig Butchering and Human Trafficking Operations
Pig butchering remains a particularly nasty form of scam for all the reasons we reported last November. Scammers spend months or years using a fake persona to build a relationship of trust and affection with their victims, only to use that relationship to con the victim into investing in a false cryptocurrency app. Once the victim has invested everything they possibly can in the fake cryptocurrency opportunity, the scammer then empties the accounts and disappears.
While these scams continue, some progress has been made recently in closing the centers where the scammers operate en masse. Many of these centers, which employ human trafficking victims in forced bondage to do the scamming, are based in southern Myanmar, a region where rebel factions are at war with the government. Chinese state agents have made contact with some of these rebel groups, pressuring them to make closing the call centers a priority. So now rebel groups have begun claiming successes in missions to find and close scam centers, including seizing control of the city of Laukkaing, where many are based.
The Bottom Line: It remains unclear whether these actions have reduced the risk of pig butchering scams. When developing friendships or relationships on the internet, always insist on a video call to verify the identity and authenticity of the other person. This is our security practice of the month point number 3: verify the sender.
Pig butchering scammers are almost always based out of places where they are difficult to prosecute, so there is little legal recourse for victims. If you think that you or someone you know might be a victim, stop investing right away and try to get the money back. Many of the fake cryptocurrency opportunities offered by pig butchers will allow you to withdraw your money. They want you to think the investment is working, so as long as you’re still well below what they think is your maximum potential investment, they’ll keep permitting you to make withdrawals. The FBI has asked victims to make a report.