Now-Fixed AirDrop Bug Let Anyone Lock-Up Nearby iPhones With Flood of Files

There was a serious AirDrop bug in iOS 13.2.3 that let attackers overwhelm nearby iPhones with files, causing them to lock up, reports TechCrunch. Apple addressed the bug in the iOS 13.3 update, and the details of how it works are now public.

AirDrop is designed to allow users to share files with one another, and depending on settings, it can be restricted to contacts, no one, or any nearby iPhone. Kishan Bagaria discovered the AirDrop bug in iOS 13.2.3, finding that he could lock up nearby iPhones that were able to accept files by flooding them with multiple files in a row.

airdropbug
When receiving an AirDrop file, an ‌iPhone‌ or iPad blocks the display until the incoming request is accepted or rejected. iOS did not limit the number of requests that a device can accept, so with repeated message requests, an attacker was able to send files over and over again to cause the iOS device to get stuck in a loop.

Devices with AirDrop set to "Everyone" were primarily vulnerable to the attack, which is not the default AirDrop setting. AirDrop is limited to Contacts, and the "Everyone" setting must be manually enabled.

As of now, though, the bug no longer works and Apple has limited the number of AirDrop messages that can be sent to an iOS device in quick succession. Given that this wasn't a traditional security vulnerability, Apple will not provide a common vulnerability and CVE score, but has instead acknowledged it in a separate section of the security support document.

Tag: AirDrop

Top Rated Comments

SVTmaniac Avatar
46 months ago
I don't know if I'd call it serious. More of an inconvenience if anything. First off you'd have to be dumb enough to leave your airdrop set to everyone and then someone would have to know about the bug to send files that basically annoy you more than anything. Not like they get data off your phone or cause it to brick.
Score: 5 Votes (Like | Disagree)
Nabby Avatar
46 months ago

Shoot now I can’t mess with people in public like I use to do
This is how my teenage son passes the time while waiting in pubic...He will look for "open" AirDrop iPhones and send a picture of a fish. He doesn't flood the phone, just sends it once, and then looks to see who might have noticed. He now has learned to change is phone name when someone saw the picture was from "Joe's iPhone" and called out "Joe" looking for who might respond.:)

It's amazing the number of people you find who have AirDrop wide open at a place like Disney. :rolleyes:
Score: 5 Votes (Like | Disagree)
Jimmy Bubbles Avatar
46 months ago
Looks like the old concept of IM-bombs hasn't died, only reincarnated. haha!
Score: 1 Votes (Like | Disagree)
MacBH928 Avatar
46 months ago
ahh...the old Windows 98 pop-up trick, strikes again.

Airdrop is great technology, I wish more people used it. I hardly hear anyone does especially that it is Apple only.
Score: 1 Votes (Like | Disagree)
roguedaemon Avatar
46 months ago
Here’s a suggestion; make the AirDrop dialogue more versatile.
It’s just that one popover layer that forces you to interact with it.
That’s ok I guess, But if you get sent multiple files, which one gets priority?

I propose a new dialog which appears at the top of the screen like a normal notification. Once interacted with, it would show you all incoming connections, what they are and whether you want to accept or reject each transfer. More complicated but I think if done in the Apple way would be simple and useable.

What do you lads and ladies think?
Score: 1 Votes (Like | Disagree)
DeepIn2U Avatar
46 months ago

Shoot now I can’t mess with people in public like I use to do
LOL ... reminds me of 'bluetooth wardriving' way back in 2002. Go Transit .... key up a message on my Ericsson "Evening ... if you receive this message bring it to the driver for a month of free travel anywhere in the GTA" LMAO ... some cat in 1mins jump up and spoke to the driver for a lengthy 20mins LMAO! Nowadays kids would fled you with eggplant emoji (yet not the vegetable nor the emoji) :( fine lines between tom foolery vs harassment.
Score: 1 Votes (Like | Disagree)

Popular Stories

gradiente iphone white

Brazilian Electronics Company Revives Long-Running iPhone Trademark Dispute

Tuesday May 19, 2020 1:06 pm PDT by
Apple has been involved in a long-running iPhone trademark dispute in Brazil, which was revived today by IGB Electronica, a Brazilian consumer electronics company that originally registered the "iPhone" name in 2000. IGB Electronica fought a multi-year battle with Apple in an attempt to get exclusive rights to the "iPhone" trademark, but ultimately lost, and now the case has been brought to...