Vulnerabilities Discovered in Apple’s AirDrop and Android’s Quick Share
Recent research from the CISPA Helmholtz Center for Information Security has uncovered serious vulnerabilities in Apple’s AirDrop and Android’s Quick Share functionalities. While these flaws cannot execute malicious code, they can lead to system crashes, posing significant risks for users.
The Research Process
Arash Ale Ebrahim and Nils Ole Tippenhauer developed a testing program called “AirFuzz” for their investigation. This automated tool sends malformed data packets to AirDrop, aiming to trigger failures and malfunctions. The focus was primarily on the application layer rather than vulnerabilities at the raw radio frequency level.
How the Vulnerabilities Work
The researchers identified three vulnerabilities within AirDrop. Two of these can be exploited when AirDrop is set to “Everyone.” The third requires user acceptance of a file transfer.
Faulty HTTP Request: A single improperly formatted HTTP request can cause the related system service,
sharingd, to crash. This not only disables AirDrop but also disrupts related functionalities such as AirPlay, Handoff, and clipboard synchronization between devices.Property List Processing Flaw: The second vulnerability lies in how AirDrop processes Property Lists, leading to potential memory overflow through nested data structures.
Network Framework Weakness: The third vulnerability can be provoked by specially crafted HTTP headers, giving attackers another avenue for exploitation.
The researchers emphasized the robustness of Apple’s ID verification, noting that ten attempts to bypass user confirmation for file transfers were unsuccessful.
Implications for Google and Samsung
Similar vulnerabilities were also identified in Google and Samsung’s Quick Share implementation:
Samsung’s Quick Share: Researchers discovered two main issues. First, the service processes specific data packets before the authentication handshake is complete. Second, it accepts three out of seven message types in an unencrypted form contrary to specifications. This could allow an attacker on the same Wi-Fi network to manipulate connections or keep sessions alive.
Google’s Quick Share Client for Windows: A critical “use-after-free” error was found, where the program accesses already freed memory. Such flaws can be exploited to execute malicious code under certain circumstances. While researchers could cause reliable crashes, they were unable to develop a complete exploit.
Ongoing Fixes and Recommendations
Apple has confirmed the three vulnerabilities found in AirDrop, and fixes are currently in development. Samsung has forwarded its findings to Google, as the affected code originates from Google’s Quick Share components, which are still under review. Google has confirmed the Windows vulnerability and offered a bug bounty reward for its discovery.
All identified attacks require proximity of about 10 to 30 meters, meaning an attacker must be physically near the target device. In crowded settings like airports or conferences, multiple devices could theoretically be targeted simultaneously.
Until patches are released, users should exercise caution. If you are not actively using AirDrop, it is advisable to avoid modes that allow everyone nearby to see your device for an extended period. Similarly, for Quick Share, maintain a high level of vigilance in unfamiliar environments where device visibility is turned on.
Conclusion
The discovery of these vulnerabilities in AirDrop and Quick Share highlights critical security gaps that could compromise user data and device integrity. As tech giants work to resolve these issues, users must remain proactive in protecting their digital environments.
