The denial-of-service (DoS) attack was discovered by
The security researcher Kishan Bagaria devised a
The AirDoS technique allows to remotely render any nearby iPhone or iPad unusable, it relies on AirDrop feature that allows iPhone, iPad, Mac and iPod users to share photos, documents, map locations, and other types of files with nearby devices via Bluetooth or Wi-Fi.
Bagaria demonstrated that it is possible to use the AirDoS attack to “infinitely spam” all nearby devices with an AirDrop popup.
“I discovered a denial-of-service bug in iOS that I’m calling AirDoS which lets an attacker infinitely spam all nearby iOS devices with the AirDrop share popup. This share
The expert discovered that it was possible to force nearby devices to continuously display a dialog box on their screen regardless of how many times the user presses the Accept or Decline buttons. The expert pointed out that the attack will continue even after the user locks and unlocks the device.
The attack works only if the AirDrop setting is set to “Everyone”, while if the user has set to “Contacts Only”, the issue could be exploited only by someone
To stop the attack, the victim needs to get out of range from the attacking device or turn off AirDrop/WiFi/Bluetooth.
“This can be done if you can access from the lock not if you have it disabled. Either way, you can ask Siri to turn off WiFi or Bluetooth. Restarting your device may also give you some time to turn AirDrop off before the attack takes place again.” continues Bagaria.
On iOS and
To prevent this type of attack the expert
The expert reported the bug to Apple in August 2019, the tech giant addressed it with the release of iOS 13.3,
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.