Apple has rolled out iOS 13.3 that also includes a fix to the bug that lets attackers temporarily lock users out of their iPhones and iPads.
Security researcher Kishan Bagaria found a bug in Apple’s AirDrop feature that he calls AirDos. AirDos is a denial-of-service bug that lets an attacker spam nearby iOS devices with continues AirDrop share popup. So, the owner of the phone won’t be able to do anything except Accept/Decline the popup.
Using an open-source tool Opendrop, the attacker can repeatedly send files again and again to not only a specific target in range but to any device that is set to accept files within the wireless range.
What should you do if someone is trying this on your device? The solution is to run away from the range of the attacker, so he won’t be able to send you anything using AirDrop. You can also turn off AirDrop/WiFi/Bluetooth if you get time from Accept/Decline the popup.
Kishan reported this bug to Apple in August 2019. In the latest iOS update, Apple has added the rate limit. After a device has declined the AirDrop request 3 times, iOS will automatically decline any subsequent requests. So, there won’t be any AirDos like condition.
Also read: Hacking Apps for Android
Even if Apple has issued a fix to this bug, it is better if you turn on AirDrop only when you need it. You should also keep it set to “Contact Only.” So only people you know can send you something.
The bug was not a security vulnerability, so apple hs not issued a common vulnerability and exposure (CVE) score but he acknowledged Bagaria’s findings in the security advisory.
