Title

Apple iOS must have Airdrop disabled. (Cat II impact)

Discussion

An Airdrop feature is a way to send contact information or photos to other users with this same feature enabled. This feature enables a possible attack vector for adversaries to exploit. Once the attacker has gained access to the information broadcast by this feature, he/she may distribute this sensitive information very quickly and without DoD’s control or awareness. By disabling this feature, the risk of mass data exfiltration will be mitigated. SFR ID: FMT_SMF.1.1 #42

Check Content

Review configuration settings to confirm “AirDrop” is disabled. This check procedure is performed on the iOS device only. Note: This requirement is not applicable to iOS devices that do not support AirDrop, which include iPhones prior to iPhone 5 and iPads prior to iPad 3rd generation. On the iOS device: 1. Access Control Center by swiping up from the bottom of the device on the home screen. 2. Verify "AirDrop" is displayed with no other text in this box, or verify "AirDrop" does not appear at all. If AirDrop appears in the Control Center followed by "Contacts Only" or "Everyone", this is a finding.

Fix Text

The user must configure iOS to disable AirDrop.

Additional Identifiers

Rule ID:

Vulnerability ID: V-54291

Group Title:

Expert Comments

CCIs tied to check.

Controls tied to check. These are derived from the CCIs shown above.