Security researchers have recently found several vulnerabilities in the wireless file-sharing features used by billions of devices worldwide. A team from the CISPA Helmholtz Center for Information Security discovered three specific flaws in the file-sharing system created by Apple, alongside similar issues in the Quick Share tool. These flaws allow someone close by to repeatedly crash the service and keep it offline, though no private data is exposed.
Attackers can disable features on nearby devices without user interaction
The attack is simple to pull off. An attacker needs only a laptop with Wi-Fi and a position within 10 to 30 meters of the target. The receiving device does not even need to accept a file transfer. Because these services listen for nearby connections by default, the attack triggers before any prompt appears on the screen.
When the target is a Mac or an iPhone, the easiest flaw to trigger crashes several related services together. One bad request shuts down AirDrop, Handoff, Universal Clipboard, Continuity Camera, and AirPlay all at once. An attacker can send this request in a loop to completely block the user from using these features.
The core issue stems from how these tools are designed to work quickly: they process data from outside senders before checking whether the sender is trusted. The research team noted that Google and Apple face similar engineering hurdles in this area because of this early data processing.
Fixes are already in progress. Apple has patched one of the three flaws in a recent update and is working on fixes for the remaining two. Google has also rolled out a patch for its Windows client. Until all updates are live, users might want to turn off file-sharing settings when out in public spaces.
