7.17 AirDrop security considerations

Information

AirDrop is Apple's built-in, on-demand, ad hoc file exchange system that is compatible with both macOS and iOS. It uses Bluetooth LE for discovery, which limits connectivity to macOS or iOS users who are in close proximity. Depending on the setting, it allows everyone or only Contacts to share files when they are near each other.

In many ways this technology is far superior to the alternatives. The file transfer takes place over a TLS-encrypted session, does not require the open ports that file sharing requires, and does not leave file copies on email servers or in cloud storage. The service can also be restricted so that only people already trusted and added to Contacts can interact with you.

Even with all of these positives, some environments may wish to disable AirDrop. Organizations where Bluetooth and wireless are not used will disable AirDrop by blocking its necessary interfaces. Organizations that have disabled USB and other pluggable storage mechanisms and have blocked all unmanaged cloud and transfer solutions for DLP may want to disable AirDrop as well.

Where AirDrop is used, it should be set to Contacts only to limit attacks.

More info:

https://www.imore.com/how-apple-keeps-your-airdrop-files-private-and-secure

https://en.wikipedia.org/wiki/AirDrop

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

None

See Also

https://workbench.cisecurity.org/files/3092

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 6b5cb3a5137f2a3f617dd27c6c96198d20f8b7106f763ed0b3d085f0e1e9e5ff