Slashdot Mirror


Bug In iOS, OS X Allows AirDrop To Write Files Anywhere On File System

Trailrunner7 writes: There is a major vulnerability in a library in iOS and OS X that allows an attacker to overwrite arbitrary files on a target device and, when used in conjunction with other techniques, install a signed app that the device will trust without prompting the user with a warning dialog. Mark Dowd, the security researcher who discovered it, said he's been able to exploit the flaw over AirDrop, the feature in OS X and iOS that enables users to send files directly to other devices. If a user has AirDrop set to allow connections from anyone—not just her contacts—an attacker could exploit the vulnerability on a default locked iOS device. In fact, an attacker can exploit the vulnerability even if the victim doesn't agree to accept the file sent over AirDrop.

10 of 94 comments

  1. The enabling technology, itself, is ridiculous. by Osiris Ani · · Score: 5, Insightful

    Of course the bug is worrisome, but then, I consider the setting that allows it—leaving AirDrop open to everyone—to be a pretty ridiculous personal security flaw. Making one’s phone readily available to connections from random sources for the sole purpose of file drops doesn’t sound like something that should make the least bit of sense to even the average user.

    1. Re:The enabling technology, itself, is ridiculous. by Galaga88 · · Score: 4, Informative

      I think AirDrop defaults to contacts only, so that should mitigate most of the severity of this - thankfully.

      I've actually enabled AirDrop receiving requests from anybody on my iPhone (which I'm about to change) and have never gotten anything via it, unsolicited or otherwise. In fact, I'm the only person I've ever seen use AirDrop, and I had to tell the other person how to turn it on in each case.

    2. Re:The enabling technology, itself, is ridiculous. by Anonymous Coward · · Score: 3, Insightful

      The only time you'd ever use AirDrop is when sending or receiving stuff to or from people you don't have contact information for and who you don't want to share that info with.

      So basically, “I don’t know you, or I don’t trust you enough to give you my contact information, but here-- put something onto my phone.”

      You’re lucky someone else beat you to it, because at least that makes your statement only the second-stupidest thing I’ve read today.

    3. Re:The enabling technology, itself, is ridiculous. by BitZtream · · Score: 4, Informative

      Considering that we're talking about signed apps that don't have the security warning, it also means the app can be traced to a specific individual or organization ... And that certificate can be blacklisted, effectively stopping the attack vector on a global scale, instantly. While directly identifying who to prosecute and seize funds from. Apple gives out the signed certs, you don't just generate a very and poof it's no longer warning anyone, it has to be signed by Apple (the cert, not the app on OSX).

      So while this is a concern ... It requires that you disable MULTIPLE security features and do several stupid things to intentionally give everyone access to your devices.

      Hope they fix it quickly in case this can be exploited in other actually scary ways, but this scares me less than Trojans on a jail broken phone ... And my phone isn't jail broken!

      --
      Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
    4. Re:The enabling technology, itself, is ridiculous. by DougOtto · · Score: 4, Insightful

      Um no. If you put your device in "fuck me mode" because you're worried about your privacy, you're doing it wrong. I don't blame you for posting AC, I wouldn't want to admit that asshattery either.

      --
      Solving Unix problems since 1989...
    5. Re:The enabling technology, itself, is ridiculous. by Galaga88 · · Score: 4, Insightful

      Because I would have seen a prompt asking me to accept or decline a file. And I think it's safe to say that given the place I work and community in which I live, I have a better chance of having been killed in a traffic accident than somebody coming within AirDrop range and targeting me with an unpublished iOS vulnerability.

      Plus I just updated to iOS 9 which in all likelihood would have wiped out any nefarious stuff that had been installed by this mystery attacker-ninja.

    6. Re:The enabling technology, itself, is ridiculous. by gmack · · Score: 3, Funny

      Years of using slashdot would keep me from enabling such a function even without the security implications. I can imagine some troll sending tubgirl or goat.cx pics to anyone they can.

    7. Re:The enabling technology, itself, is ridiculous. by 93 Escort Wagon · · Score: 3, Interesting

      Given this bug, how can you know that?

      If you'd read the article, you'd have seen that the way to bypass the authorization prompt was by "installing an enterprise provisioning profile on the device and marking it as trusted."

      Sounds to me like AirDrop is superfluous in this case. If my device has an enterprise provisioning profile, I believe that enterprise can already put whatever it wants on it.

      So, if anything, this sounds like a sandboxing issue (you can put files in arbitrary locations on the device) rather than an AirDrop issue.

      --
      #DeleteChrome
  2. Re:Apple defending shit by U2xhc2hkb3QgU3Vja3M · · Score: 5, Funny

    That's because Windows has complex security holes that require a lot of hacking. With this flaw, Apple clearly shows that hacking "just works" on their devices.

  3. To disable AirDrop by MAXOMENOS · · Score: 4, Informative

    To check whether it's disabled already, open a command prompt and run:

    defaults read com.apple.NetworkBrowser | grep DisableAirDrop

    If it returns DisableAirDrop = 1, then you should be fine. If it comes up blank, or if it shows DisableAirDrop = 0, then AirDrop is not disabled by default. In this case, run:

    defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES

    You'll need to log out and log back in for the change to take effect.

    references: this Apple Forums thread
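
An audit-only version of the check described in the comment above, as an added example that is not part of the original thread. It classifies the `DisableAirDrop` value exactly rather than by substring, and treats a missing key or missing domain as a finding; the function names and the assumed `defaults read` output layout (`    DisableAirDrop = 1;`) are illustrative assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): audit the DisableAirDrop preference
# that the comment above checks with `defaults read ... | grep`.
# Assumed output layout of `defaults read <domain>`: one "Key = value;" per line.

airdrop_state() {
    # Reads `defaults read com.apple.NetworkBrowser` output on stdin.
    # Prints: disabled | enabled | unset
    # The pattern is anchored so a different key that merely contains
    # "DisableAirDrop" is not mistaken for the real one (plain grep would match it).
    value=$(sed -n 's/^[[:space:]]*DisableAirDrop[[:space:]]*=[[:space:]]*\([^;[:space:]]*\).*/\1/p' | head -n 1)
    case "$value" in
        1|YES|true) echo disabled ;;
        "")         echo unset ;;     # key absent, or the domain does not exist
        *)          echo enabled ;;   # 0 or any other value
    esac
}

audit_airdrop() {
    # $1 = text captured from `defaults read`. Returns 0 only when disabled.
    state=$(printf '%s\n' "$1" | airdrop_state)
    if [ "$state" = "disabled" ]; then
        echo "OK: DisableAirDrop is set"
        return 0
    fi
    echo "FINDING: DisableAirDrop is $state"
    echo "  fix: defaults write com.apple.NetworkBrowser DisableAirDrop -bool YES"
    echo "  then log out and back in"
    return 1
}

# Run against the live preference only where the `defaults` tool exists (OS X).
# A missing domain makes `defaults read` fail with empty output, reported as unset.
if command -v defaults >/dev/null 2>&1; then
    audit_airdrop "$(defaults read com.apple.NetworkBrowser 2>/dev/null)" || true
fi
```

The script only reads the preference and prints the fix from the comment; it never writes the setting itself.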