by random5634 1880 days ago
Not that many users expect to sit next to an attacker running this system AND be sharing something.

No question it should be fixed - but compared to the RCEs Apple has had (which do get fixed quickly) this is relatively lower risk.

2 comments

Why not? I meet my friends for lunch and want to send them some photos while sitting in the restaurant?

This seems like a very plausible scenario and most users would not expect and would not want everyone in the restaurant to be able to see their email and phone number.

The implausible part is not having lunch with friends, although the pandemic has made that feel less plausible than it used to be... but rather, having an attacker actively running an attack within 10s of feet of your table at the restaurant. What is your threat model that makes this plausible?! You must be super important to have attackers following you to lunch. Or maybe you like to eat at restaurants that do their best to harvest all visitor data, even going so far as to use cutting edge vulnerabilities?

The person you replied to literally said this should be fixed. I agree with them that this is nowhere near as serious as issues Apple has had before, since the attack requires physical proximity and the use of the share pane. Even then, it doesn’t give the attacker RCE privileges or anything similarly world shaking.

Should Apple fix it? Again, absolutely. No one has said otherwise.

Nothing is 100% secure, so the relative risk posed by vulnerabilities can only really be assessed with a threat model. In most threat models, this is nowhere near as bad as their “GOTO Fail” bug or any number of others over the years.

I think celebrities and VIPs are essentially the only ones whose threat models would actually be impacted by this vulnerability in a plausible way.

> You must be super important to have attackers following you to lunch. Or maybe you eat at restaurants that do their best to harvest all visitor data, even going so far as to use cutting edge vulnerabilities?

… and do not use all of the other options for getting data from people in close proximity such as cameras or microcell sites. If your threat model goes far enough that this matters you should be more worried about all of the other options. I would be more worried about a Bluetooth, WiFi, or cellular exploit given the history.

(No, this is not saying that Apple shouldn’t improve this - only that it doesn’t seem like a huge change in the amount of risk you’re exposed to)

Or just grab the phone out of your hand - most people take their phones out of their pocket all the time, even on the street. I used to ride a bus and they would grab phones and jump off just as the bus would leave a stop. You can actually often get a ton more data this way if you have physical custody of the device - no AirDrop impersonation needed.

I was trying to exclude obvious attacks, but you’re certainly right for the average person. I’d worry more about, say, shoulder surfing a credit card or ID card than this.

The threat model is that many someones knowingly or unknowingly have a stinger-like phone/device constantly collecting these hashes and cracking them. I know of at least one device in my building that was (likely unknowingly) attempting Bluetooth-based hacking in a similar manner.

Yeah - no question this should be fixed and it is a bit annoying that it hasn't been.

The remote RCE issues Apple has had are critical vulnerabilities. Saudi Arabia doesn't like you, they exploit remotely (maybe not even knowing who you are at all yet) to get your data / your contact lists and social graph etc - and you could be impacted or others could be impacted as a result in a major way.

This exploit requires that they already know who you are and where you live and where you go get coffee. They have to send a physical attacker to stalk your coffee shop. They have to have this equipment to run the impersonation exercise - and then wait until you are picking up coffee and airdropping something.

And after all this they get your email and phone number? So they know all these details about you but can't be bothered to use true people search or ANY of the data brokers or any of the giant data leaks to look this up?

Apple is selling a CONSUMER device. If your threat model is this elaborate, stick your phone in a Faraday cage and leave it at home; someone could just grab it out of your hand at the coffee shop and be likely to get a lot more data.

So yes, it's a risk - but on the scale of risks including just being straight mugged and your phone stolen, it seems somewhat lower?

Is that necessary though? There are plenty of stories of people setting their AirDrop policies to 'Everyone' instead of 'Contacts Only' or 'None' where people are receiving unsolicited files (usually NSFW images). From my memory, they did not need to have their sharing pane open for this to happen to them.