AirDrop is an Apple technology that allows two devices to interact directly, without requiring a Wi-Fi network or Internet connectivity provided through an Access Point (AP). This sort of Peer-to-Peer (P2P) connection utilizes the ubiquitous and standardized Wi-Fi Direct protocol.

Yes, you can get a virus from AirDrop as well. No wireless service is completely secure, and the same is true of Apple’s AirDrop feature. A research study has revealed that AirDrop is not totally secure and attackers may exploit it.

This article explains how someone can get a virus from AirDrop. It also discusses AirDrop’s current vulnerabilities and the methods of preventing viruses from infecting the device.

What Is AirDrop?

iPhone users with AirDrop enabled may inadvertently reveal sensitive information to a cyber criminal. AirDrop, which is used by many iPhone users, lets you transmit a file to another user’s device in order to share it.

Apple’s implementation of AirDrop seems to have a problem in the way it verifies if you are on the other person’s contact list. 

Given the number of WiFi-enabled devices, which include not only iPhones but also medical equipment, robotic machinery, and laptops, attackers can easily take control of any other WiFi-compatible device wirelessly.

The researchers discovered a vulnerability inside the Contacts Only option. To distribute a file with AirDrop, you must utilize the iOS Sharing system and choose AirDrop as the method. 

If the other person’s AirDrop is set to Contacts Only, Apple must evaluate whether you are in their contact list.

To do this, Apple employs an authentication procedure that matches your email address and phone number against entries in the other individual’s address book.

Apple employs a hashing algorithm to obfuscate your email address and phone number throughout this procedure. However, university experts have already determined that this hashing does not effectively protect the confidentiality of that information.

As a result, a knowledgeable outsider may invert the hash values using specific techniques, such as brute-force attacks, and obtain your phone number and email address. This issue also affects other AirDrop-capable devices, like iPads and Macs.
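Why hashing does not protect a phone number: the set of possible inputs is small enough to hash exhaustively, so the fix is not a stronger hash function. The sketch below is an added example, not code from the researchers or from Apple; SHA-256, the function names, the fictional 555-01xx number and the hash rate used in the estimate are all assumptions.

```python
import hashlib

def contact_hash(identifier: str) -> str:
    # SHA-256 is an assumption; the article only says "a hashing algorithm".
    return hashlib.sha256(identifier.encode("utf-8")).hexdigest()

def invert_by_enumeration(target: str, prefix: str, digits: int):
    """Hash every number of the form prefix + `digits` digits; return the match."""
    for n in range(10 ** digits):
        candidate = f"{prefix}{n:0{digits}d}"
        if contact_hash(candidate) == target:
            return candidate
    return None  # the hashed value was not a number in this range

def worst_case_seconds(digits: int, hashes_per_second: float) -> float:
    """Time needed to hash an entire numbering space with `digits` free digits."""
    return 10 ** digits / hashes_per_second

# Constructed sample: a fictional number and the hash an observer would see.
SAMPLE_NUMBER = "+12025550143"
SAMPLE_HASH = contact_hash(SAMPLE_NUMBER)

if __name__ == "__main__":
    # 10,000 candidates are enough to recover the constructed number.
    print(invert_by_enumeration(SAMPLE_HASH, "+1202555", 4))
    # Ten free digits at an assumed one million hashes per second.
    print(worst_case_seconds(10, 1_000_000), "seconds")
```

A protocol that never sends a hash of the identifier, which is the approach the article attributes to PrivateDrop, removes the value this search depends on.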

An attacker who is a complete stranger can therefore discover the phone numbers and email addresses of AirDrop users.

The only requirements are a WiFi-enabled device and proximity to a target who starts the discovery process by opening the sharing window on an iOS or macOS device.

In one scenario, a hacker with bad intent may loiter in a public area and watch for users who open the iOS sharing window.

If AirDrop is set to Contacts Only for a specific user, the hacker might then attempt to collect the email addresses and phone numbers of nearby users by employing various techniques. This data can then be used for spam, phishing, and other forms of attack.

An attacker interested in exploiting one of the nearby devices can access the other device through it or deliver an AirDrop message to every nearby device. To replace the insecure AirDrop architecture, the researchers claim to have developed their own system, PrivateDrop. 

PrivateDrop may rapidly and securely detect if you are in a neighboring iPhone user’s contact list without exchanging the sensitive hash information. PrivateDrop is available on GitHub for third-party analysis.

Apple’s Response To AirDrop’s Vulnerability

According to the researchers, AirDrop’s privacy flaw was reported to the firm in May 2019. Apple has neither acknowledged the issue nor stated that it is working on a fix.

Researchers now urge users to disable AirDrop. To do this on an iPhone or iPad, navigate to Settings, then General, and then tap the AirDrop entry. Set the Receiving setting to Off.

Over-the-air (OTA) attacks can also be carried out remotely. While the attackers in the AirDrop example were physically present in the network airspace, it is crucial to remember that OTA attacks may be launched remotely, without the attacker being in that airspace.

The concepts are comparable. The attacker takes remote control of a gadget in the target’s network airspace or hops to a Wi-Fi device connected to the target’s network airspace. 

Attacks From The Air Constitute a Business Concern

This isn’t a consumer-only concern. OTA assaults may occur in any setting, including banks, hospitals, industries, and IT firms, among others.

Because the compromised device is not always under your control, there is little you can do, even if you are aware that it has been compromised. Consider the garage across the street from your office that has a surveillance camera.

Suppose you are aware that the camera was hacked. You are even aware that it is broadcasting a network name identical to yours in order to trick users into connecting to it.

Consider your own device, which is linked to the business network on one end and transmits Wi-Fi Direct on the other. The remote attacker uses the Wi-Fi link to seize control of the machine and gain direct network access. This is the Antenna for Hire technique, and it is what allows over-the-air (OTA) attacks to be carried out.

Thus, the attacker circumvents existing network security measures such as network access control (NAC), intrusion detection system (IDS), and firewalls.

Not A Defect, But A Function

The use of AirDrop, Wi-Fi Direct, or Wi-Fi is neither a security flaw nor a bug. It is inherent to the protocol and therefore cannot be altered. However, AirDrop is not totally safe.

What Actions Do Organizations Take?

Because over-the-air (OTA) attacks circumvent all existing network security solutions, a new network security category (NACP) has evolved.

NACP solutions examine the organization’s network airspace and detect any broadcasting devices, as their name indicates. They then distinguish between corporate assets and antennas for hire.

In accordance with the wireless security strategy, connections that breach the policy are terminated. At the most fundamental level, they prevent any attempt to establish a connection between an Antenna for Hire and a corporate asset.
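The policy check described above, reduced to its core logic as an added example (not code from any NACP product): given an asset inventory and what a sensor observed in the airspace, it flags transmitters that copy the corporate network name, corporate assets that advertise a second network, and links between an asset and a device outside the inventory. The inventory, MAC addresses, network names and record layout are constructed for illustration.

```python
# Constructed inventory and sensor observations (all values hypothetical).
CORPORATE_SSIDS = {"corp-wifi"}
CORPORATE_ASSETS = {"02:00:00:00:00:01",   # laptop
                    "02:00:00:00:00:02",   # printer
                    "02:00:00:00:00:10"}   # access point

BEACONS = [  # (transmitter MAC, advertised network name)
    ("02:00:00:00:00:10", "corp-wifi"),        # the real access point
    ("06:00:00:00:00:07", "corp-wifi"),        # camera across the street
    ("02:00:00:00:00:02", "DIRECT-printer"),   # asset also offering Wi-Fi Direct
    ("06:00:00:00:00:09", "coffee-shop"),      # unrelated neighbour
]
LINKS = [  # pairs of stations seen exchanging frames
    ("02:00:00:00:00:01", "02:00:00:00:00:10"),
    ("02:00:00:00:00:01", "06:00:00:00:00:07"),
    ("06:00:00:00:00:09", "06:00:00:00:00:03"),
]

def impersonators(beacons, ssids, assets):
    """Transmitters outside the inventory that advertise a corporate network name."""
    return sorted({mac for mac, name in beacons
                   if name in ssids and mac not in assets})

def dual_homed_assets(beacons, ssids, assets):
    """Corporate assets advertising a network that is not a corporate one."""
    return sorted({mac for mac, name in beacons
                   if mac in assets and name not in ssids})

def policy_violations(links, assets):
    """Links joining exactly one corporate asset to a device outside the inventory.

    Each result is (asset, outsider); these are the connections to terminate.
    """
    found = []
    for a, b in links:
        if (a in assets) != (b in assets):
            found.append((a, b) if a in assets else (b, a))
    return found

if __name__ == "__main__":
    print(impersonators(BEACONS, CORPORATE_SSIDS, CORPORATE_ASSETS))
    print(dual_homed_assets(BEACONS, CORPORATE_SSIDS, CORPORATE_ASSETS))
    print(policy_violations(LINKS, CORPORATE_ASSETS))
```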


It can be conclusively said that you can get a virus from AirDrop. This is because AirDrop is vulnerable, so anyone can intercept the connection and send malware payloads through it.