AirDoS: a bug allows remote lock-up of nearby iPhones using AirDrop

Security researcher Kishan Bagaria found a “bug” in AirDrop that let him repeatedly sent files to all devices able to accept files within wireless range of an attacker.

How it works?

The flaw, dubbed AirDoS, exploits the absence of receive limits in AirDrop feature.
When a file is received, iOS blocks the display until the file is accepted or rejected: because iOS didn’t limit the number of file requests a device can accept, a remote attacker can keep sending files using a tool like opendrop [1], repeatedly displaying the file accept box and causing the device to get stuck in a loop.

Bagaria also published a simplified PoC [4]:

It supports multiple devices but deliberately doesn’t support devices that have their AirDrop receiving setting set to “Contacts Only” to reduce the impact of publicly posting the exploit.

However, the bug and can also be exploited for a single device with a simple infinite loop and opendrop:

while true; do opendrop send -r 0 -f totally-random-file; done

Is my device at risk?

Devices that had their AirDrop setting set to receive files from “Everyone” are mostly at risk.
Turning off Bluetooth would effectively prevent the attack, but the file accept box is so persistent it’s near-impossible to turn off Bluetooth when an attack is under way [2]:

Besides getting away from the attacker, who is also unidentifiable most of the time, you can stop this by turning off AirDrop/WiFi/Bluetooth. This can be done if you can access Control Center from the lock screen but not if you have it disabled. Either way you can ask Siri to turn off WiFi or Bluetooth. Restarting your device may also give you some time to turn AirDrop off before the attack takes place again.


Is there a fix?

Apple just fixed the bug by adding a rate-limit, preventing a barrage of requests over a short period of time in iOS/iPadOS 13.3 [3].


References

  1. https://github.com/seemoo-lab/opendrop
  2. AirDoS: Remotely render any nearby iPhone or iPad unusable
  3. About the security content of iOS 13.3 and iPadOS 13.3
  4. https://github.com/KishanBagaria/AirDoS

Comments

This site uses Akismet to reduce spam. Learn how your comment data is processed.