A Bug In AirDrop On iOS 13 Lets Anyone Temporarily Block Other iOS Users From Their iPhones Or iPads

Aadhya Khatri - Dec 11, 2019



The solution is to walk out of the wireless range of the attacker’s device and then turn off Bluetooth to cut off the only way AirDrop can work.

A bug in iOS 13.3 that allows just about anyone to temporarily lock other iPhone or iPad users out of their devices was fixed today. The vulnerability lets Apple’s handheld devices be forced into an unavoidable loop.

According to Kishan Bagaria, the vulnerability is in AirDrop, the tool for sending files between iOS users. The bug lets attackers send files to all devices available within wireless range.


When an iOS device receives a file, the display is temporarily blocked until the user chooses to accept or reject the file. Since there is no limit on the number of files a person can send to another device, the attacker can keep sending, causing the acceptance dialog to appear over and over again and forcing the device into a loop.

Bagaria used a tool to continuously send files not just to one device but to all iOS devices available to accept files within his device’s wireless range.

He called the vulnerability “AirDoS,” where “DoS” stands for “denial-of-service,” meaning users can be temporarily locked out of their own iPhones or iPads.

With this bug, devices set to receive file transfers from everyone are at the greatest risk. One of the most effective ways to stop receiving files is to switch off Bluetooth. However, once the attack has started, there is no way to access the device to do so.

That brings us to another solution, which is to grab your device and walk away, out of the wireless range of the attacker’s device. After that, turn off Bluetooth to cut off the only way AirDrop can work.

Apple has fixed this bug by limiting the number of file-receive requests allowed in a certain amount of time. Since this is not a security vulnerability, Apple will not issue a CVE (Common Vulnerabilities and Exposures) identifier.
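
The mitigation described above, a cap on how many receive requests are honored within a time window, is sketched below as an added example. This is not Apple's code: the threshold of 3 prompts per 60 seconds, the class and function names, and the arrival times are all assumptions made here for illustration.

```python
from collections import deque


class PromptRateLimiter:
    """Sliding-window cap on incoming transfer requests that raise a blocking prompt.

    Assumed values: 3 prompts per 60 s, applied device-wide rather than per sender.
    """

    def __init__(self, max_prompts=3, window_s=60.0):
        self.max_prompts = max_prompts
        self.window_s = window_s
        self._shown = deque()  # arrival times of prompts actually shown

    def allow(self, now):
        # Forget prompts that have aged out of the window.
        while self._shown and now - self._shown[0] >= self.window_s:
            self._shown.popleft()
        if len(self._shown) >= self.max_prompts:
            return False  # drop silently: no modal dialog, screen stays usable
        self._shown.append(now)
        return True


def simulate(request_times, limiter):
    """Return (prompts_shown, requests_dropped) for arrival times in seconds."""
    shown = sum(1 for t in request_times if limiter.allow(t))
    return shown, len(request_times) - shown


# Constructed traffic: a flood of one request every 0.5 s for 100 s,
# and an ordinary user receiving three files over several minutes.
FLOOD = [i * 0.5 for i in range(200)]
BENIGN = [0, 90, 400]

if __name__ == "__main__":
    print("flood :", simulate(FLOOD, PromptRateLimiter()))
    print("benign:", simulate(BENIGN, PromptRateLimiter()))
```

Without the limiter, the flood would raise 200 blocking prompts in 100 seconds; with it, the user sees a handful and has long gaps in which to reach the Bluetooth or AirDrop settings.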
