Apple has fixed a bug in its AirDrop feature that allowed nearby hackers to make iPhones and iPads inoperable.
Independent researcher Kishan Bagaria discovered a denial-of-service bug in iOS, which he dubbed AirDoS. AirDoS allows an attacker to infinitely spam all nearby iOS devices with the AirDrop share popup.
The popup blocks the UI, preventing the device owner from doing anything on the device except Accept/Decline the popup, which will keep reappearing.
“This bug is still subject to the AirDrop receiving setting, meaning if your AirDrop setting is set to “Everyone”, anyone can be the attacker, but if it’s set to “Contacts Only”, only someone in your contacts can be the attacker,” explained Bagaria in a blog post.
The most obvious solution to an attack like this is to “simply run away”, i.e. to get out of range of the attacking device.
Other solutions include turning off AirDrop/WiFi/Bluetooth by accessing the Control Center from the lock screen, if the owner does not have it disabled; asking Siri to turn off WiFi/Bluetooth; or even restarting the device, which gives the owner some time to turn AirDrop off before the attack occurs again.
To prevent this attack from occurring in the first place, it is advised to turn AirDrop on only when needed and not to set it to “Everyone.”
Bagaria reported the bug to Apple in August 2019, and it has since been fixed in iOS 13.3.