What if you could walk into a room and make every* iPhone or iPad unusable while you’re there? Wait, that sounds evil. What if you could get that one annoying person off their iPhone who’s always on it?
A denial-of-service bug in iOS that I’m calling AirDoS which lets an attacker infinitely spam all nearby iOS devices with the AirDrop share popup. This share popup blocks the UI so the device owner won’t be able to do anything on the device except Accept/Decline the popup, which will keep reappearing. It will persist even after locking/unlocking the device.
*This bug is still subject to the AirDrop receiving setting, meaning if your AirDrop setting is set to “Everyone”, anyone can be the attacker, but if it’s set to “Contacts Only”, only someone in your contacts can be the attacker.
How would you stop this if someone were to use this attack on you? Simply run away! It’ll get you out of range from the attacking device. Okay, I’m not sure how well this’d work in an airplane.
Besides getting away from the attacker, who is also unidentifiable most of the time, you can stop this by turning off AirDrop/WiFi/Bluetooth. This can be done if you can access Control Center from the lock screen but not if you have it disabled. Either way, you can ask Siri to turn off WiFi or Bluetooth. Restarting your device may also give you some time to turn AirDrop off before the attack takes place again.
To prevent this attack from taking place at all, turn on AirDrop only when you need it and don’t ever keep it set to “Everyone”.
This is a simple bug and can also be exploited for a single device with a simple infinite loop and opendrop:
while true; do opendrop send -r 0 -f totally-random-file; done
macOS
macOS shows the AirDrop share popup differently than iOS and doesn’t block the UI. An attacker could still send a lot of share requests to spam someone but since the UI is non-blocking, they can easily turn off AirDrop or WiFi/Bluetooth. Here’s a video of how it looks like on macOS.
A fix for this has been implemented in macOS Catalina 10.15.2, Security Update 2019-002 Mojave and Security Update 2019-007 High Sierra.
AirDoS is an advanced denial-of-service (DoS) attack targeting Apple devices through AirDrop. By exploiting a vulnerability in iOS and iPadOS, attackers can send a massive flood of connection requests, effectively freezing or crashing the target device. Victims experience system slowdowns, unresponsive touchscreens, or even forced restarts.
This attack poses a significant risk, especially in public spaces where AirDrop is commonly used. While Apple may release patches to address this issue, users can mitigate the risk by disabling AirDrop or setting it to “Contacts Only.” Cybersecurity researchers emphasize the importance of keeping software updated to prevent such exploits.
