Apple's AirDrop abused by 'cyber-flashing' London train perv

Perverts have latched onto Apple's AirDrop as a means of pushing unsavoury content at unsuspecting commuters. Lorraine Crighton-Smith, 34, received two unsolicited pictures of an unknown man's penis on her iPhone via AirDrop as she was travelling to work on a train in south London. Crighton-Smith, who told the BBC she felt " …


  1. Pen-y-gors

    Ho hum,

    Providing an option that lets just anyone nearby see your phone and send files to it.

    What could possibly go wrong?

    1. Jellied Eel Silver badge

      Re: Ho hum,

      How else are companies supposed to push adverts to unsuspecting iPhone owners? With default settings, you see the ad. Default of contacts only and they won't.

      1. Ben Tasker

        Re: Ho hum,

        > How else are companies supposed to push adverts to unsuspecting iPhone owners?

        Given there have already been issues (on Android for example) with the bastard fucking stupid idea of loading and processing media without user interaction, how long before someone works out a way to use this to start popping phones? Think about the recent issues with Android automatically processing media in MMS messages, it's far from impossible that something similar could be achieved with this.

        What's wrong with showing a filetype icon and saying "Picture received, open?" rather than silently processing the thing to show a preview? Granted a good number of the population would click 'Yes' either way, but at least it'd make it a little harder for you to silently get pwned without noticing that something slightly strange had happened.

        1. Paul Crawford Silver badge
          FAIL

          Re: Ho hum,

          Yes, remember when MS thought it a good idea that Outlook would open and/or run any email attachments for you? Look how well that worked out?

          Really some system designers are such morons to think such a 'feature' will not be abused. Why, to help whore you to more advertisers?

          1. JimboSmith Silver badge
            FAIL

            Re: Ho hum,

            At a previous employer's we were the first department to have Outlook whilst everyone else had Novell. One fine day an email arrived with a pest piece of malware that just sent a message + malware to every email contact and if the recipients opened the email it would do their contacts too. So having been told that the computers needed to be sanitized one by one and not to use them, my team took the opportunity to go to the pub for the day.

            Everything is good once the IT (support) crowd had finished doing their stuff and work could have resumed at 4pm except by that point we couldn't see a point in doing that. Fast forward a few months and the Intern email account is used for the first time since the outbreak, during intern season (the summer holidays) by our latest victim, sorry intern. Whereupon the emails start flooding in again as they clicked on the email and their account wasn't sanitised as someone forgot to check those accounts not logged in.

    2. Anonymous Coward

      Re: Ho hum,

      Dick pic? - you're not holding it properly. No big deal.

      1. Anonymous Coward

        Re: Ho hum,

        Gentlemen:

        I believe it has been shown, repeatedly, that women do not want dick pics. Ever. None of them. Please stop sending them. Remember: just because *you* think it's a good idea, doesn't mean *she* does.

        Thank you.

        // cue the Python (Monty) song...you know the one.

        1. Michael Wojcik Silver badge

          Re: Ho hum,

          > Gentlemen:
          >
          > I believe it has been shown, repeatedly, that women do not want dick pics.

          You seem to think the men sending such pictures are doing so under the misapprehension that the recipient wants to see them. I doubt they're considering the recipient's wishes at all.

    3. bazza Silver badge

      Re: Ho hum,

      Maybe this can be tweaked into another IT sponsored pub meeting...

    4. bazza Silver badge

      Re: Ho hum,

      What could possibly go wrong indeed.

      Quite a lot.

      Having Airdrop wide open like that is equivalent to running an unsecured WiFi network. You're held responsible for the traffic that passes through it. So if someone is using your WiFi for downloading kiddie porn it's your problem to prove it wasn't you when the police come knocking. Difficult.

      So if some horrible person sent kiddie porn to an open Airdrop iPhone, that phone now has illegal content on it. The owner would then either have to

      1) destroy the phone immediately,

      2) hand it over to the police immediately with the image intact (the right thing to do, hopefully the cops know what Airdrop is...)

      3) or take a risk that their phone at some point later in time is not forensically examined and the deleted image discovered lurking in the file system somewhere.

      If 3) did happen it would be a bit late to claim the image wasn't yours and had arrived unwanted through Airdrop. You'd then have that charge added to whatever else was on the rap sheet to have caused your phone to be in the hands of the cops in the first place.

      OK, so that might be a low risk, but it would have a high impact on your life.

  2. Anonymous Coward

    WTF?

    > By default AirDrop is restricted to "contacts only" but this is changed to "everyone" as soon as a user accepts a message from a previously unknown contact.

    > Munro told El Reg that Apple is not really at fault in how it set up AirDrop...

    Um.. yes it is. Apple is at fault. Really. Completely. It's Apple wot dun it.

    ..and it's Apple wot's about to undun it as soon as Apple can get its shit together.

    1. Dazed and Confused

      Re: WTF?

      > ..and it's Apple wot's about to undun it as soon as Apple can get its shit together.

      not if they can find a way to monetize letting companies push ads to your phone they won't. They sell it as being a feature.

      1. Anonymous Coward

        Re: WTF?

        You're thinking of Google, not Apple. When has Apple tried to monetize pushing ads at people? Look at Apple Pay, and the way it is designed so neither Apple nor the retailer even get your name when you pay for something.

        Anyway, the article says nothing about pushing ads, and I've never heard of anyone using Airdrop in this way - though I imagine a few unscrupulous retailers will read this article and have an "aha" moment.

        I love how trolls try to push the faults of Apple's competition onto them. You can argue Apple's products are overpriced and are missing some features compared to the competition. You cannot however legitimately argue that Apple is selling out their users in any way even remotely close to how Google is.

        1. Anonymous Coward

          @DougS

          Apple are one of if not the most successful company in the world at extracting value from their customer base. That is in essence what companies are there to do and no one would deny that Apple are spectacularly successful. So why shouldn't they, "We see you're standing in the Perfume Aisle, we've got a special offer on your favourite perfume today, buy 1 get 1 half price" etc... See easy to sell as a service.

          This is a designed in feature that someone's naivety didn't see as a perving tool.

  3. Greg D

    Violated from looking at a dick pic?

    Don't be a silly sod. The language people use sometimes is so over the top.

    1. Bloakey1

      Re: Violated from looking at a dick pic?

      I am heartened to learn that flashers have adapted this technology and have embraced the concept of content delivery.

      Well done that flasher!

      I get annoyed when the term disaster or massacre involves the death of a few people. It seems to trivialise the whole thing and leave us no term to use when a genuine disaster comes about. Ohhh and the term hero has been much abused as well. Hmmmm, must go as I am dropping into rant mode.

    2. Mike Bell

      Re: Violated from looking at a dick pic?

      If she worked for The Guardian, she'd be calling herself a survivor by now.

      1. Anonymous Coward

        Re: Violated from looking at a dick pic?

        Nah, if she worked for the Guardian she'd still be trying to figure out what the object in question was.

    3. Ken Hagan Gold badge

      Re: Violated from looking at a dick pic?

      I dunno. If I had someone sitting next to me and a dick pic appeared on my phone screen, I'd be more than a bit miffed that the person sitting next to me now thinks I'm surfing porn on my phone in a public place.

      Violated? It may not be exactly the right word but it certainly captures the strength of feeling.

      1. sabroni Silver badge

        Re: Violated from looking at a dick pic?

        People react differently to the same thing. Apparently you all feel fine with some random bloke who's close enough to bluetooth a picture of his cock to your phone. Me, I'd be a little freaked out by that. I can imagine some people might feel violated by it.

        You don't get to decide how other people feel and when you say they're wrong all you're really saying is "I don't do empathy".

        1. wankeler

          Re: Violated from looking at a dick pic?

          Yes they do, but we also need to have a broad common standard that we agree on.

          Violated is just stupid in this context. Angry, offended, frightened, upset, shocked would all be reasonable depending on personal sensibilities and the situation (lots of people around / only one other seedy looking bloke in carriage).

          Violated is just tabloid-style hyperbole.

        2. Greg D

          Re: Violated from looking at a dick pic?

          Well no, actually you've made some assumptions there that are incorrect.

          It's a dick pic. Not an actual dick. It's an arrangement of pixels that represents a body part. No one is being violated, no real rules are being violated, and that's not my lack of empathy, it's my annoyance at the abuse of the English language.

          If said dick was in close physical proximity, or touched you, then you can feel violated and that be a correct use of the word, since they violated your personal space and probably a few laws at that point.

      2. Anonymous Coward

        Re: Violated from looking at a dick pic?

        Any woman can tell you....the correct reaction is to laugh, and say loudly: "it looks like a penis, only smaller"

    4. Captain DaFt

      Re: Violated from looking at a dick pic?

      "Don't be a silly sod. The language people use sometimes is so over the top."

      A more liberated female would have just tweeted the pic captioned, "OMG! Look at the teeny tiny wienie! It's MICROSCOPIC!"

  4. Grant Mitchell

    Exif

    Perhaps you could find out where he lives... assuming he took the snap in the comfort of his own home...

    1. Message From A Self-Destructing Turnip
      Coat

      Re: Exif

      ... and then organise an identity parade so that she could positively identify the suspect member?

    2. JimmyPage Silver badge
      FAIL

      Re: Exif

      or that he didn't send a picture (culled from wherever) of someone else's schlong ...

  5. Alistair
    Coat

    moralism and the bubblewrap generation

    34 year old.

    More likely "I was terrified that the person next to me thought I was looking at porn on the train"

    And of *course* there's the mention of "Think of the Children". While I'll agree that the sender needs a good swat upside the head, if our society spent less time making the human form "forbidden fruit" there would be a heck of a lot less of an issue with crap like this, as it would be less likely to cause someone distress, and it would certainly be less of a thrill to the twat doing the deed.

    <cue the downvotes>

    1. qwertyuiop

      Re: moralism and the bubblewrap generation

      What does the victim's age have to do with this? Why do you find it so hard to accept that the incident genuinely distressed her?

      In cases like this it's easy for us - men in particular - to laugh it off and say that it was only a dick pic, but that doesn't mean that the woman concerned wasn't genuinely upset by this. Maybe she was a rape victim; maybe she had been sexually abused as a child. There are lots of reasons why this could have been distressing for her. Nothing to do with moralism or bubblewrap.

      1. scrubber

        Re: moralism and the bubblewrap generation

        Or she could be an arachnophobe and thought it was a hairy spider.

        We don't base laws (save it and send it to the police) based on the wild conjectures of what-ifs, laws are for all of us and have to be carefully tailored in order to protect genuinely vulnerable people and not so broad as to criminalise general twattery.

    2. Anonymous Coward

      Re: moralism and the bubblewrap generation

      @Alistair

      At first glance you can think that, but really I can see it being quite terrifying for some, the woman was being flashed at in public, with no knowledge of who in the immediate area was doing it, but that person was close by, perhaps some pervert stalking her.

      There may also be the strong probability that it is a bunch of teens having a laugh, but not something you would bet on to be safe.

      As for "think of the children", while I do feel it is used a bit too much, in this case she may have a point, how would you feel if your son/daughter came back and reported the same thing happening to them in a public place? It's not that they have gone on the internet searching out a cheap thrill, it's forced on them from someone close by.

      1. Anonymous Coward

        Re: moralism and the bubblewrap generation

        The "within bluetooth range" would be the distressing bit, I suspect.

        1. Anonymous Coward

          Re: moralism and the bubblewrap generation

          Do you mean "on that train that just passed you in the other direction?"

          1. Anonymous Coward

            Re: moralism and the bubblewrap generation

            Don't know if there'd be enough time for the handshake and transferring a file, even if you optimised the hell out of the image. Plus trains are metal boxes; which isn't going to help. Probably worth trying though - Goatse-ing Apple users from London to Edinburgh is a project well worth a bit of effort.

      2. Paul Crawford Silver badge

        Re: moralism and the bubblewrap generation

        "how would you feel if your son/daughter came back and reported the same thing happening to them in a public place?"

        Why care if it is a public place? Maybe they should be outraged at the stupidity of Apple (or anyone else with similar tech) for not making it more secure?

        Also we have the underlying point of giving kids a tool to access practically any information in the world, how about they give them a dumb phone and problem solved.

  6. Anonymous Coward

    Or...

    She could have kept a prick-pic on her phone for just this eventuality and then when said flasher sends his she could send a prick-pic back.

    Then turn around and smile...

    1. Anonymous Coward

      Re: Or...

      > Or...
      >
      > She could have kept a prick-pic on her phone for just this eventuality and then when said flasher sends his she could send a prick-pic back.
      >
      > Then turn around and smile...

      Or send back a picture of a police badge and see who scampers :)

      1. Mark 85

        Re: Or...

        Now that is probably the sanest idea I've heard in quite a while. <upvote>

        We use a similar ploy around our house... if "unknown caller" or the area code is suspect, we answer the phone "FBI Field Office". When a live person is there, we usually hear a gasp followed by a hang-up.

  7. nsld
    FAIL

    Personal responsibility?

    It doesn't matter how crap Apple's implementation of this feature is, it's up to the user to take responsibility for securing the device.

    The only people at risk are those who don't secure the device.

    It really is that simple, she can be as mortified as she likes that she got a random cock picture but she needs to take some responsibility for leaving the device wide open.

    1. Anonymous Coward

      Re: Personal responsibility? FTFY

      "It really is that simple, she can be as mortified as she likes that she got a random cock picture but she needs to TAKE responsibility for leaving the device wide open"

      I left my front door unlocked and was surprised to find someone in my house, well woop de fucking doo

      1. AbelSoul

        Re: Personal responsibility? FTFY

        > I left my front door unlocked and was surprised to find someone in my house, well woop de fucking doo

        That actually happened to me about three or four years ago. I came downstairs one Saturday morning to find a complete stranger had slept on my couch. He seemed a decent sort so I made him a cuppa while he waited on his missus / pal (can't quite remember which) coming to pick him up, although I tend to lock the door at nights nowadays.

      2. werdsmith Silver badge

        Re: Personal responsibility? FTFY

        > I left my front door unlocked and was surprised to find someone in my house, well woop de fucking doo

        Try arguing responsibility with your insurance company if stuff gets nicked.

    2. Anonymous Coward

      Re: Personal responsibility?

      Why should people need to be constantly checking their settings to be sure they are secure? It sounds like accepting one picture from an unknown contact leaves it permanently open. I'm sure whoever coded that thought it would be easier for people to not have to constantly click accept, and wasn't thinking about people using it for something like this. I'm sure it will be fixed in an upcoming iOS update, then people won't have to "take responsibility" for securing their phone against this sort of thing.

      1. Mike Bell

        Re: Personal responsibility?

        People here are getting quite hysterical. You're not going to receive strangers' AirDrop files on an iPhone unless you

        - Swipe up from the bottom of the screen

        - Look at the AirDrop icon, which will be saying 'Contacts Only' next to it

        - Click it

        - Choose the 'Everyone' option

        If you choose 'Everyone' you can expect to receive AirDrop invitations from anyone who is minded to send you a file. Until such a time as you change your mind. Not exactly rocket science.

        Toggling WiFi, Bluetooth, Airplane mode and Do Not Disturb are all set using the same swipe-up gesture. The current settings are super-obvious to see.

        This is a lot of fluff about nothing.

        1. Graham Marsden
          Boffin

          @Mike Bell - Re: Personal responsibility?

          RTFA:

          > By default AirDrop is restricted to "contacts only" but this is changed to "everyone" as soon as a user accepts a message from a previously unknown contact. From that point on users run the risk of being sent all sorts of undesirable content by strangers.

          1. Anonymous Coward

            Re: @Mike Bell - Personal responsibility?

            > By default AirDrop is restricted to "contacts only" but this is changed to "everyone" as soon as a user accepts a message from a previously unknown contact. From that point on users run the risk of being sent all sorts of undesirable content by strangers.

            Excuse me, but I have not been able to manage this at all so I am now wondering about the veracity of that statement.

            1 - if the Airdrop setting is "contacts only", the device will simply not show up on devices not authorised for access, so it's impossible to use AirDrop in this context. If you're not in the recipient's contact list, your device will not even list the target device in the AirDrop selection box so you can't select it (it does not provide a manual entry like iMessage does).

            2 - just on the off chance that "message" meant a genuine message I just sent an iMessage from a newly created iTunes account to an iPhone which was set to "contacts only" AirDrop and examined the settings afterwards. The incoming iMessage gets immediately classified as coming from an unknown source, and the 'AirDrop' setting remains unchanged. This iPhone has not yet been upgraded, but I'm going to do that in the next 30 minutes or so (I always take a backup first).

            This is why I like to test these things for myself.

      2. nsld

        Re: Personal responsibility?

        @dougs

        Probably for the same reason people check they have locked the door when they leave the house each day.

        Set and forget only works in a static environment and phone OS are not static.

        That's why

    3. Ken Hagan Gold badge

      Re: Personal responsibility?

      "it's up to the user to take responsibility for securing the device."

      I'm not aware of a phone OS that lets you control the security of the device. They are all basically walled gardens for letting the vendor shovel content at you or sell your privacy to advertisers.

      In this case, Apple are off the hook as soon as they provide a documented and supported way for customers to root the device. Until then, Apple are the responsible party and have clearly failed in this case.

      1. Anonymous Coward

        Re: Personal responsibility?

        > I'm not aware of a phone OS that lets you control the security of the device. They are all basically walled gardens for letting the vendor shovel content at you or sell your privacy to advertisers.

        Well, I don't know about Android, but iOS does actually have quite a few measures you can activate to tie it down, including retrospectively limiting access to phone facilities and data of already installed apps. Apple should NOT provide advice on how to root the device because that will actually kill off the screening they do of apps - very few apps with malicious content have made it through the app store screening process.

        Apple does a reasonable job, but people want easy data sharing facilities, that's also why they install such crap as WhatsApp. You cannot stop people from being stupid, and frankly, advising them to root the device to make it safer is IMHO about the worst advice you can give to an end user.

        AFAIK, AirDrop needs manual interaction (ahem) to change state from "Contacts only" to "Everyone". The only improvement Apple could make would be to add a timeout option on the "Everyone" setting.

        1. peter_dtm

          Re: Personal responsibility?

          it is so damn difficult to make airdrop 'safe'

          you don't even have to 'log in'

          Just slide up the bottom menu

          select airdrop

          Turn OFF (or set to contacts only; or if you are a sensitive type on the tube set it to everyone)

          LIFE IS NOT BUBBLE WRAPPED

          It is YOUR responsibility to understand something so mind numbingly simple to use. You DELIBERATELY open it to everyone then you are responsible for DELIBERATELY leaving it that way. It is not rocket science; it's even easier than 10 + 10 = 100
