7.16 AirDrop security considerations

Information

AirDrop is Apple's built-in, on-demand, ad hoc file exchange system that is compatible with both macOS and iOS. It uses Bluetooth LE for discovery, which limits connectivity to Mac or iOS users who are in close proximity. Depending on the setting, it allows either everyone or only Contacts to share files when they are near each other.

In many ways this technology is far superior to the alternatives. The file transfer is done over a TLS-encrypted session, does not require the open ports that file sharing needs, does not leave file copies on email servers or within cloud storage, and allows the service to be restricted so that only people already trusted and added to Contacts can interact with you.

Even with all of these positives, some environments may wish to disable AirDrop. Organizations where Bluetooth and Wireless are not used will disable AirDrop by blocking its necessary interfaces. Organizations that have disabled USB and other pluggable storage mechanisms and have blocked all unmanaged cloud and transfer solutions for DLP may want to disable AirDrop as well.

When AirDrop is used, it should be set to Contacts only to limit attacks.

More info:
https://www.imore.com/how-apple-keeps-your-airdrop-files-private-and-secure
https://en.wikipedia.org/wiki/AirDrop

Rationale:

AirDrop can allow malicious files to be downloaded from unknown sources.

Impact:

Disabling AirDrop can limit the ability to move files quickly over the network without using file shares.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

Perform the following to set AirDrop to the prescribed setting:
Graphical Method:

Open Finder

Select Go

Select AirDrop

Set Allow me to be discovered by: to your organization's prescribed setting

Terminal Method:
Run the following commands to enable or disable AirDrop:

$ sudo -u <username> defaults write com.apple.NetworkBrowser DisableAirDrop -bool <true/false>

The setting true will disable AirDrop and the setting false will enable it.
Example:

$ sudo -u firstuser defaults write com.apple.NetworkBrowser DisableAirDrop -bool false

$ sudo -u seconduser defaults write com.apple.NetworkBrowser DisableAirDrop -bool true
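
To check the result of the Terminal Method across accounts, the following added example (not part of the benchmark or the Nessus plugin) reads the same DisableAirDrop key back for each user and compares it with the prescribed value. The function names, the READER hook and the script name are assumptions; an unset key is reported separately and counted as a finding.

```sh
#!/bin/sh
# Added example: audit the per-user DisableAirDrop key written by the Terminal Method.
# Function names and the READER hook are hypothetical, not part of the benchmark.

# Command used to fetch a user's raw value; overridable so the logic can be tested.
READER=${READER:-read_airdrop}

# read_airdrop USER: print what `defaults read` returns, or nothing if the key is absent.
read_airdrop() {
    sudo -u "$1" defaults read com.apple.NetworkBrowser DisableAirDrop 2>/dev/null || true
}

# classify_airdrop VALUE EXPECTED: compare a raw value (1/0, as defaults prints
# booleans) with the prescribed setting (true or false).
classify_airdrop() {
    val=$1 expect=$2
    case $val in
        1|true|YES) actual=true ;;
        0|false|NO) actual=false ;;
        '') echo unset; return 0 ;;      # key never written for this user
        *)  echo unknown; return 0 ;;    # unexpected type or value
    esac
    if [ "$actual" = "$expect" ]; then echo compliant; else echo noncompliant; fi
}

# audit_users EXPECTED USER...: one "user<TAB>state" line per user.
# Returns 1 if any user is not compliant (unset and unknown count as findings).
audit_users() {
    expect_all=$1; shift; rc=0
    for user in "$@"; do
        state=$(classify_airdrop "$("$READER" "$user")" "$expect_all")
        printf '%s\t%s\n' "$user" "$state"
        [ "$state" = compliant ] || rc=1
    done
    return "$rc"
}

# Usage on a Mac (hypothetical file name):
#   sh airdrop_audit.sh --audit true firstuser seconduser
if [ "${1:-}" = "--audit" ]; then
    shift
    audit_users "$@"
fi
```

The script exits non-zero when any listed user differs from the prescribed setting, so it can gate a compliance job.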

See Also

https://workbench.cisecurity.org/files/3013

Item Details

Category: CONFIGURATION MANAGEMENT

References: 800-53|CM-7b.

Plugin: Unix

Control ID: 6755619ad5b9fcb48d2e70a1914790455e863761bcbfe4a0dbac0d6b686dbc9b