AirDrops are files exchanged through an Apple-exclusive feature simplifying data transfers between Macs and iOS devices. However, hackers and users can abuse this wireless and readily available option.
For instance, keep Wi-Fi and Bluetooth turned off in public or when not in active use. Furthermore, it is best to modify settings to accept AirDrops only from your contacts. In both cases, you prevent unknown entities from sending you offensive or malware-ridden files.
However, AirDrops have been associated with multiple risks and hacking paths over the years. One example comes from networking protocols susceptible to threats like man-in-the-middle attacks. So, if you use AirDrop to exchange files and information with friends or colleagues, learn how to use it safely.
What are AirDrops?
AirDrop is a native feature in Apple products like computers, tablets, and smartphones. It is a widespread technique for sharing content such as documents, passwords, photos, videos, websites, notes, or contacts.
So, Apple users do not need to depend on external tools to message or email files. Instead, they can enable this free file-sharing service and transfer AirDrops to nearby devices.
Of course, AirDrop has specific requirements for the exchange to be successful:
- Sharing AirDrops is only available between Apple devices.
- Receivers have the option to accept files from everyone or contacts only.
- Devices need to have Bluetooth and Wi-Fi enabled. However, you do not need to connect to a Wi-Fi network. It is enough to have the Wi-Fi setting enabled. Therefore, AirDrop can work when you are offline.
- Devices participating in the file sharing need to be no further than 30 feet apart.
From a technical viewpoint, AirDrop uses Bluetooth technology to establish a peer-to-peer connection between devices. Then, it moves files from one device to the next over the established link.
The process is seamless and might take no more than a minute, depending on the size of AirDrops.
Is it safe to share a file using AirDrop?
Generally, using AirDrop to share photos or other content is safe. However, the risks emerge in the form of bugs detected in software or networking protocols.
In other cases, users might take risks with AirDrop settings, like accepting data from everyone. So, owners of Apple products must take caution independently, inspecting AirDrops before accepting them.
Here are some previously reported risks to consider when using or enabling AirDrop.
The threat of man-in-the-middle attacks
Man-in-the-middle (MitM) attacks refer to entities intercepting connections or data transfers. It could permit hackers to modify the sent file or steal its contents.
In 2019, news spread of vulnerabilities in Apple Wireless Direct Link (AWDL), a protocol used for AirDrops. Essentially, security flaws made device-to-device communications susceptible to hackers.
The MitM mentioned above was one attack path, letting perpetrators modify or capture AirDrops. Other risks of AWDL vulnerabilities involved unwanted exposure of users’ names or crashing their devices. Perpetrators could achieve the latter through DoS (denial of service) attacks.
Stealthy installation of malware
In 2015, an Australian researcher Mark Dowd described an unfortunate way to hack devices via Bluetooth. The flaw allowed attackers to distribute malicious content even if users rejected AirDrops.
Luckily, AirDrops that arrive in this stealthy way had limited access to users’ devices. For instance, they had no way of retrieving bank information or opening emails.
AirDrops leak phone number and email address
A recent AirDrop risk showcased that the file-sharing feature could share more information about users than intended. Researchers from the Technical University of Darmstadt in Germany shared their findings on problems with AirDrop’s Contacts only mode.
The problem existed due to the improper exchange of information between Apple devices. For instance, devices share details based on phone numbers and email addresses to recognize each other.
However, while devices hashed contact identifiers, they lacked salt. So, it was possible to reverse the hashes after generating a database of potential hashes.
Full iPhone takeover
Issues with AWDL came forward again after Google Project Zero reported another vulnerability. The flaw affected most iOS devices and could have facilitated a complete device takeover. That included reading victims’ messages, downloading files, or enabling a microphone and camera.
The bug became even more critical when researchers figured out it could activate AirDrop. Thus, even if victims had it disabled, perpetrators could turn on and abuse it. Luckily, specialists detected no attempts to exploit the vulnerability in the wild. Later, Apple claimed they fixed the bug in newer versions of iOS.
Sharing inappropriate or dangerous content
Vicious individuals could exploit AirDrops to send explicit content to nearby users. Such indecent sharing can happen in crowded places, like public transportation, events, or restaurants.
For example, AirDrop abuse frequently happens during flights when people are confined in one place for hours. During one flight, a pilot threatened to turn back the plane after someone continued sending AirDrops of naked pictures.
This new disturbing threat also has a specific term: cyberflashing. In the UK, the activity became a criminal offense, with perpetrators facing up to two years in jail.
How to turn on AirDrop and share photos?
You can find AirDrop settings on iOS by opening Settings, navigating to General, and tapping on AirDrop. Then, you will see options for turning it off and enabling it for everyone or contacts only.
On Macs, open Finder, and you should see AirDrop in the menu on the left side. After clicking on it, you will notice options for controlling it.
In order to receive AirDrops from others, you need to enable AirDrop. The exchanged files will end up in the Downloads folder on Macs. On iOS, AirDrops are in apps linked to particular file types.
How to send and receive AirDrops safely
It is possible to compromise AirDrops due to software vulnerabilities. Additionally, other people could abuse it to transmit malicious, offensive, or unsettling content. Luckily, the following recommendations can help you use AirDrops safely.
- Disable AirDrops when not in active use. The same rules apply to Bluetooth and Wi-Fi settings to avoid accidental connections.
- If you keep AirDrop enabled, select to receive files from contacts only.
- Pay attention to the data someone has tried to send you. For instance, the AirDrop preview lets you see a small version of transferred images.
- Update Apple devices as soon as possible. Many AirDrop risks and vulnerabilities get fixed. Thus, patch your system as soon as updates are available.
- Remember that wireless data transfers can never be 100% secure. Thus, it might be better to use other file-sharing means to exchange highly confidential documents.
