There was a serious AirDrop bug in iOS 13.2.3 that let attackers overwhelm nearby iPhones with files, causing them to lock up, reports TechCrunch. Apple addressed the bug in the iOS 13.3 update, and the details of how it works are now public.
AirDrop is designed to allow users to share files with one another, and depending on settings, it can be restricted to contacts, no one, or any nearby iPhone. Kishan Bagaria discovered the AirDrop bug in iOS 13.2.3, finding that he could lock up nearby iPhones that were able to accept files by flooding them with multiple files in a row.
/article-new/2019/12/airdropbug-800x779.jpg)
When receiving an AirDrop file, an iPhone or iPad blocks the display until the incoming request is accepted or rejected. iOS did not limit the number of requests that a device can accept, so with repeated message requests, an attacker was able to send files over and over again to cause the iOS device to get stuck in a loop.
Devices with AirDrop set to "Everyone" were primarily vulnerable to the attack, which is not the default AirDrop setting. AirDrop is limited to Contacts, and the "Everyone" setting must be manually enabled.
As of now, though, the bug no longer works and Apple has limited the number of AirDrop messages that can be sent to an iOS device in quick succession. Given that this wasn't a traditional security vulnerability, Apple will not provide a common vulnerability and CVE score, but has instead acknowledged it in a separate section of the security support document.
Top Rated Comments
(View all)
This is how my teenage son passes the time while waiting in pubic...He will look for "open" AirDrop iPhones and send a picture of a fish. He doesn't flood the phone, just sends it once, and then looks to see who might have noticed. He now has learned to change is phone name when someone saw the picture was from "Joe's iPhone" and called out "Joe" looking for who might respond.:)Shoot now I can’t mess with people in public like I use to do
It's amazing the number of people you find who have AirDrop wide open at a place like Disney. :rolleyes:
Airdrop is great technology, I wish more people used it. I hardly hear anyone does especially that it is Apple only.
It’s just that one popover layer that forces you to interact with it.
That’s ok I guess, But if you get sent multiple files, which one gets priority?
I propose a new dialog which appears at the top of the screen like a normal notification. Once interacted with, it would show you all incoming connections, what they are and whether you want to accept or reject each transfer. More complicated but I think if done in the Apple way would be simple and useable.
What do you lads and ladies think?
LOL ... reminds me of 'bluetooth wardriving' way back in 2002. Go Transit .... key up a message on my Ericsson "Evening ... if you receive this message bring it to the driver for a month of free travel anywhere in the GTA" LMAO ... some cat in 1mins jump up and spoke to the driver for a lengthy 20mins LMAO! Nowadays kids would fled you with eggplant emoji (yet not the vegetable nor the emoji) :( fine lines between tom foolery vs harassment.Shoot now I can’t mess with people in public like I use to do