A woman that was chased by an unknown man believes that her public iPhone details and Apple’s “AirDrop” feature may have left her vulnerable to stalking.
11Alive.com reports that Becca Blackman Wilcox was driving from a gas station in San Angelo during her trip from New Mexico to Copperas Cove when she noticed that she was being followed by a car behind her. “There was nobody else in the store except the clerk and there was only one man getting gas,” said Wilcox. “I don’t know exactly when it all started.” Wilcox left the gas station and traveled along Highway 87 towards Eden when she noticed the Ford Explorer close behind her. “I was only doing 74 mph. There were four lanes of traffic and I was in the slow lane, and I couldn’t figure out why he wasn’t passing me.”
Wilcox changed lanes, but the Explorer passed Wilcox then slowed dramatically again and pulled up behind her car. “He got up right along beside me … turned his dome light on and looked at me,” said Wilcox. It was then that Wilcox called Concho County 911, she described the Explorer and its driver, a white male in his early to mid-20s with dark hair and a goatee. Then, as if lifted directly from the script of a horror film, Wilcox’s phone rang. Wilcox said, “I answered. … The voice on the other end was real crackly. (He) said, ‘Becca? It’s Jason. I’m behind you. Pull over.’”
Wilcox hung up the phone and slammed on the accelerator, she then called her daughters and asked them to use Apple’s “find my iPhone” feature to track her location, “We all have iPhones, and I wanted them to track my location,” said Wilcox, “just in case something happened.” Wilcox’s daughters instructed her on how to get to the Brady police station, “They stayed with me on the phone the entire time,” said Wilcox. While speaking to Brady law enforcement, a police officer suggested that the man pursuing Wilcox had been tracking her phone or otherwise gained access to it. In the following weeks, Wilcox experience some unusual events surrounding her phone. Phone numbers appeared on her family members call logs hours late in the night, phone calls have been made to the phone’s own number and two of her family members Facebook pages appear to have been hacked.
An AT&T representative told Wilcox that her phone may have been compromised via Apple’s file-sharing service, Airdrop. “I keep my phone in my back pocket — always,” said Wilcox. “I just never, ever would’ve realized that I had an open window in my pocket that anybody could see into.” Paul Bischoff, a privacy advocate at Comparitech.com, a security and privacy advice and comparison website, commented on Wilcox’s case saying “One possibility might have been that Wilcox and the man who accessed her phone had at one point exchanged contacts.” If this had happened, Wilcox’s name and photo could have appeared on her pursuers phone once he got within approximately 300 feet of her.
Wilcox stated in an interview that her phone’s settings meant that anyone could see her AirDrop details within a certain vicinity. Bischoff noted, however, that the possibility that Wilcox’s pursuer obtained her phone number via the AirDrop system was quite low, “On the other hand, finding someone’s phone number from AirDrop is extremely difficult,” said Bischoff. Airdrop broadcasts a “hash” as it’s known so that other iPhones can see it, a hash is “a sequence of letters and numbers derived from the owner of the device’s email address and phone number,” said Bischoff. He further stated that obtaining a phone number from a hash would be “nearly impossible; it would require U.S. military levels of decryption power.”
The Apple AirDrop feature was previously left vulnerable to a hack in 2015 which allowed hackers to install malware on users phones to gain access to their messages, contacts, camera, location and more. The bug would attempt to send a malicious file to the iPhone users via AirDrop, even if the user rejected the file, the bug could still gain access to the users iPhone. Mark Dowd, the founder and director of Azimuth Security, stated in a tweet, “AirDrop bug can be used to target people wirelessly in close proximity. Also useful for lock-screen bypass”
AirDrop bug can be used to target people wirelessly in close proximity. Also useful for lock-screen bypass
— mdowd (@mdowd) September 16, 2015
The AirDrop service also automatically displays previews of images that users try to send to each other. The Verge’s Josh Lowensohn took advantage of this, regularly sending photos of sloths in spacesuits to every iPhone and Mac user in their vicinity during commutes to and from work. Lowensohn wrote,
Each day I get on the train to make the half hour voyage into San Francisco for work, I am surrounded by people using their phones. Many have iPhones or iPads, and have a setting turned on that lets me send them unsolicited files through AirDrop. Where Apple envisioned it as a way to send useful files and websites to friends and acquaintances, I use it to send photos of sloths to strangers. And not just any sloths, but sloths wearing spacesuits.
While Lowensohn’s use of AirDrop’s image previewing capabilities was quite harmless and fun, other’s could use the preview feature to send shocking or harmful images to iPhone and Mac users in the surrounding area.
Here is how iPhone users can check the AirDrop settings on their phone. First go to the Settings app on your iPhone and click the “General” section:
From there, select the “AirDrop” section near the top of the screen,
From here, users can choose one of three options for their AirDrop settings, “Contacts Only” allows users in your contacts list to see your AirDrop information, “Everyone” allows anyone within a nearby radius to see your settings while “Receiving Off” doesn’t allow anyone to see your device on AirDrop whatsoever.