If your iPhone or iPad is not running the latest system software, you could fall victim to an attack that could make your device temporarily unusable. Here is what you need to know about the vulnerability behind this attack.
Devices running iOS 13.2, iPadOS 13.2, or earlier versions of these operating systems contain a vulnerability that hackers can use to launch a Denial of Service (DoS) attack.
The Vulnerability and How It Is Exploited
The security researcher who discovered the vulnerability refers to it as “AirDoS” because it can be exploited to launch a DoS attack that involves the AirDrop feature. This built-in feature lets iPhone and iPad users share files (e.g., documents, photos) with each other via a Wi-Fi or Bluetooth connection.
Hackers can exploit this bug to attack all nearby iPhones and iPads that are not patched. In the attack, an AirDrop box pops up, indicating that someone wants to share a file with you. The box gives you the option of accepting or declining the file. No matter which option you choose, the pop-up box immediately reappears. This creates an endless loop that prevents you from being able to use your device. The pop-up box will persist even if you lock and then unlock your device.
What to Do
What should you do if you fall victim to an AirDrop attack? First, try moving out of range. The attack occurs over a Wi-Fi or Bluetooth connection, so the attacker has to be nearby.
If moving out of range is not possible (e.g., you are on an airplane), you can ask Siri to turn off Wi-Fi or Bluetooth. Alternatively, you can lock your device, access the Control Center from the lock screen (assuming this capability is enabled), and turn off AirDrop, Wi-Fi, or Bluetooth from the Control Center.
While stopping an AirDoS attack is possible, it is better to prevent one altogether. The best way is to upgrade your iPhone to iOS 13.3 or your iPad to iPadOS 13.3. This will patch the vulnerability. Before upgrading, though, be sure to back up your device.
To prevent similar attacks in the future, you should also configure AirDrop so that only people in your contacts list can share files with you. You might also consider keeping AirDrop, Wi-Fi, and Bluetooth disabled when not in use.