Researchers at the CISPA Helmholtz Center for Information Security examined Apple AirDrop and Android Quick Share, finding six vulnerabilities across Apple, Samsung, and Google implementations. These vulnerabilities include AirDrop crash bugs, Samsung Quick Share protocol issues, and a Google Quick Share for Windows bug that could potentially lead to remote code execution.
Understanding the Risks
The affected protocols are used by more than five billion devices. Apple reports more than 2.2 billion active devices running the sharing service tied to AirDrop, while Google reports more than 3 billion Android devices with Quick Share available system-wide or used as a default sharing tool on many phones.
The researchers call this a proximity problem, as AirDrop and Quick Share are built to find nearby devices without the usual setup of pairing first. This convenience also means the sharing software has to listen before it fully trusts the other device.
Protecting Your Phone
To minimize the risks, it is essential to keep your phone’s software up to date. Install iOS, iPadOS, macOS, Android, Samsung updates, Google Play system updates, and Quick Share for Windows updates as soon as they become available.
On iPhone, keep AirDrop limited unless you are actively using it. The safest everyday choice is Receiving Off or Contacts Only. On a Samsung phone, Quick Share controls who can see your device and send you files nearby, with the safest choice being No one or Contacts only.
A file request from a stranger should be a red flag. Even if the file name looks harmless, decline it. Attackers often rely on curiosity, using funny photo names or something that looks like it came from a nearby event. If you did not ask for the file, decline the request.
Original reporting: Fox News (HLL/CB) — read the source article.