Chinese researchers claim AirDrop hack.

 In a recent development, Chinese researchers, allegedly supported by the state, have unveiled a method to identify users of Apple's AirDrop, an encrypted service facilitating content sharing among nearby Apple devices without the need for an internet connection. This service gained notoriety during the 2019 Hong Kong pro-democracy protests for its ability to circumvent government surveillance.                  

According to reports, the Beijing municipal government has asserted that this new technique can expose an iPhone's encrypted log, divulging sensitive information such as the user's phone number and email address. Responding to privacy concerns, Apple implemented restrictions on AirDrop for Chinese users in 2022, introducing a 10-minute time limit for receiving files from unknown contacts.

This strategic move by Apple aligns with China's robust digital surveillance initiatives, characterized by mandatory real-name registration for social media and communication services. Apple has faced criticism for its perceived compliance with Chinese regulations, a sentiment reinforced by its removal of a map app used by Hong Kong protesters in 2019, citing safety concerns.                                                                     

In a separate incident, Fidelity National Financial (FNF), a prominent real estate services company, disclosed a cyberattack that occurred in November of the previous year. The breach resulted in the theft of data from approximately 1.3 million customers and led to a week-long system outage. FNF reported that an unauthorized party gained access to their systems, deploying non-self-propagating malware to extract data.

While the specific nature of the compromised data was not explicitly detailed, FNF is taking proactive measures by offering credit monitoring and identity theft services to affected customers, indicating the potential sensitivity of the information accessed. The ransomware group ALPHV, also known as BlackCat, has claimed responsibility for the attack. Fortunately, FNF managed to contain the breach by November 26, limiting the potential fallout from this cyber incident.