Before I get started: No, people can’t steal your credit card information using AirDrop. AirDrop doesn’t even know what your credit card number is.
In a hoax that’s been spreading around TikTok as of late (the source of the rumor is unclear), viral videos are now saying that hackers can use the iPhone’s AirDrop feature to steal your credit card information from your Apple Wallet. The news was first reported on by The Daily Dot, which to its credit, quickly called it out for the nonsense it is.
What the rumors say
In videos that have been spotted over the embattled social media app the past few weeks, popular users including @vanessaromito13 and @the_journey76 urged their audiences to be cautious of Apple’s AirDrop feature following a “recent update,” claiming hackers can now steal your credit card information just by walking by you with an iPhone in their pocket. Specifically, the latter says hackers can “walk past you now and from one iPhone to another using that AirDrop setting, they can get all the cards in your wallet. In your Apple Wallet.” The former, meanwhile, attempts to offer a solution, encouraging followers to disable the “search with other iPhones” setting.
Fortunately, neither are correct.
Can people steal information through AirDrop?
Whatever sparked these concerns, there’s nothing in the most recent iPhone update (iOS 18.2) that would have done it. Despite the worries over AirDrop, last week’s update made no changes to either AirDrop or Apple Wallet, instead focusing the bulk of its attention on Apple Intelligence.
Instead, the rumors seem to be a repackaging of earlier concerns over the iPhone’s NameDrop functionality, which allows two iPhones to share contact information just by coming into close proximity. Even law enforcement got in on the fearmongering here, but tech experts were quick to point out that the feature requires extremely close physical proximity and consent on both ends. In actuality, most concluded that it doesn’t pose much of a risk.
Saying that people can use AirDrop to steal your credit cards just by walking past you with their iPhone nearby preys on a similar fear, but doesn’t even reference a feature that exists.
First, there is no “search with other iPhones” setting to disable. Speaking generously, the influencer might be referring to the “Bringing Devices Together” setting that got added with NameDrop, or the ability to set your AirDrop permissions to receive requests from everyone for 10 minutes.
Regardless, neither work in the way described. “Bringing Devices Together” is a NameDrop only function, while accepting requests from everyone just means other users can offer to send you files, which you’ll still need to accept before they make their way over to your phone. For them to get files off your phone, you would need to send them over yourself. And regardless, your settings will revert to “Contacts Only” after 10 minutes, with no always-on option to share with everyone available.
Second, AirDrop can’t interact with Apple Wallet. The feature can only share files accessible via the iPhone’s file browser, which isn’t where Apple Wallet stores information. And even if it were, Apple Wallet doesn’t actually have your credit card information—it uses a “Device Account Number” generated by your bank or card provider, which gets encrypted along with everything else in your wallet and is very hard to do anything with unless you have the iPhone it's tied to. According to Apple, “your card number is never stored on your device or on Apple servers.”
In short, the most risk you have of someone nearby stealing your credit card number through Apple Wallet is if they see the last four digits of your card by physically looking at your screen. And even so, there’s not much they can do with that.
Can people steal your Apple Pay transactions through tap-to-pay?
So, yes, this recent warning is a hoax. AirDrop can’t do anything with your payment information, and it’ll take a hacker a bit more diligence to take money from your Apple Pay than just walking by you with an iPhone in their pocket. But that doesn’t mean you shouldn't be vigilant.
Right now, there are two known ways for people to steal from you using Apple Pay, although neither will give them permanent access to your financial information.
The first is to take advantage of stressed-out buyers by overcharging them. As also reported by The Daily Dot, if you’ve already approved a transaction by double tapping into your Apple wallet and authenticating the payment (via FaceID, TouchID, or your PIN), but haven’t yet seen the seller’s screen, they could charge you whatever they like by simply tapping their phone to yours without confirming the sale with you first. In one case, a woman was charged $975 for what she thought would be a $10 box of chocolates because she was already preparing to use Apple Pay before seeing the scammer’s seller screen and how much they were actually going to charge her. Always ensure you see a charge before activating Apple Pay, rather than relying on whatever the seller says the charge will be.
The second is a bit harder to avoid. While hackers can’t use AirDrop to steal your payment information, they can use their own software to steal transactions over-the-air from nearby payment terminals. This is a bit harder to avoid, and is usually employed at particularly busy vendors, such as those at music festivals. In this case, you’ll only be out on whatever you were intending to pay the vendor, but if you’re planning to be in a crowded area with lots of sales going on at once, pay attention to others near you while you’re using Apple Pay— they’ll have to be close by to steal a transaction using NFC. In the case that they do pull it off, though, you can at least rest assured that all information sent to the terminal will have been encrypted.
Again, there are legitimate threats to watch out for here, and it’s a good idea to exercise caution. But allowing panic-spreading social media posts to whip you into a worried frenzy just makes it harder to keep track of the real risks out there, and may make you miss out on the real benefits that come with encryption-focused payment methods like tap-to-pay.
from LifeHacker https://ift.tt/jpxvBqQ
https://ift.tt/ScmhYwk