Future TechnologyFuture Technology
Security

AirDrop and Quick Share both have unpatched flaws that let strangers push files at your phone

· 4 min read · By Future Technology

Researchers disclosed six separate issues across Apple's AirDrop and Android's Quick Share, the two systems billions of people use to fling photos between phones without thinking about it. The flaws could let someone nearby push files at your device in ways it should not allow. As of now, they are not fully patched.

Why it matters: Both features work over short-range wireless, so an attacker has to be physically close, on a train, in a cafe, at an airport gate. That limits the blast radius, but it also describes exactly the crowded places where your phone spends a lot of its time.

The fix in the meantime is boring and effective. Set AirDrop to "Contacts Only" or off, and set Quick Share to visible to contacts only rather than everyone. You lose nothing except the ability to receive files from strangers, which was never a feature you wanted.

Key takeaways

  • Six issues span AirDrop and Quick Share, not one platform.
  • Attacks need physical proximity, so crowds are the risk.
  • Set both to contacts-only until patches ship.

Vendors are working on fixes. Until they arrive, the receiving setting is your patch.