This article is more than 1 year old

Apple's AirDrop abused by 'cyber-flashing' London train perv

Bluetooth-a-like tech helps weirdo send unwanted dick pic to alarmed passenger

Perverts have latched onto Apple's AirDrop as a means of pushing unsavoury content at unsuspecting commuters.

Lorraine Crighton-Smith, 34, received two unsolicited pictures of an unknown man's penis on her iPhone via AirDrop as she was travelling to work on a train in south London. Crighton-Smith, who told the BBC she felt "violated" by the hi-tech equivalent of flashing, reported the offence to the British Transport Police.

Officers are investigating the case, which they reckon is the first of its type that they have come across.

AirDrop is a document transfer technology that works between supported Macs and iDevices. Apple introduced the Bluetooth-based tech with the release of iOS 7 back in 2013. It's supported by devices from the iPhone 5 onwards.

By default, AirDrop is restricted to "contacts only", but this is changed to "everyone" as soon as a user accepts a message from a previously unknown contact. From that point on, users run the risk of being sent all sorts of undesirable content by strangers.

If the same content was sent by either Bluetooth push or MMS, a user would have to click to download and view it. Unlike comparable technologies, AirDrop will display content without warning or user interaction, according to security experts.

"With AirDrop you don't have the option to not see an image sent to you, it shows as a preview which you then accept or decline," Ken Munro, a director at UK security consultancy Pen Test Partners, explains in a blog post.

"If someone sends you an abhorrent image you can't unsee it. Much as it may upset you our advice is to save it, and then contact the police."

There's no direct equivalent to AirDrop in out-of-the-box Android smartphones but similar functionality can be installed through third-party apps, according to Munro.

Munro told El Reg that Apple is not really at fault in how it set up AirDrop but, in light of the occurrence of an incident of cyber flashing, it might be better if it tweaked the feature so that it reverted to "contacts only" and only accepted messages from random strangers after prompting users. Alternatively, the tech could return to a default "contacts only" setting after a short time of perhaps 10 minutes. As it is, many iPhone users accept the occasional message from a stranger and forget to change it back, establishing a permissive setting by default in the process.

That's exactly what seems to have happened to the unfortunate Ms. Crighton-Smith in the run-up to receiving the unsavoury content, as she explained to the BBC's Victoria Derbyshire programme.

"I had AirDrop switched on because I had been using it previously to send photos to another iPhone user – and a picture appeared on the screen of a man's penis, which I was quite shocked by," she said.

"So, I declined the image, instinctively, and another image appeared, at which [point] I realised someone nearby must be sending them, and that concerned me. I felt violated, it was a very unpleasant thing to have forced upon my screen."

"I was also worried about who else might have been a recipient, it might have been a child, someone more vulnerable than me," she added.

Pen Test Partners' blog post explains how users can modify AirDrop to more secure settings or temporarily disable the technology entirely. ®
