A flight out of Newark was evacuated when someone sent an image of a suicide vest to multiple Apple devices on the plane as passengers awaited takeoff, the latest warning that Apple’s AirDrop feature can be used for more than flirting and sharing memes.
Passengers on a Tampa-bound JetBlue flight received an unsettling surprise on Saturday when someone sent them the image through Apple’s AirDrop feature, which allows users to share content with nearby devices through Bluetooth technology.
The plane was evacuated, and was able to take off after Port Authority police and bomb-sniffing dogs concluded there was no threat on board. But police have been unable to identify who sent the image in question.
Unsolicited AirDrop messages have both been popular, and a concern, since the feature was first introduced in 2011. The feature allows Apple users to send photos to anyone in a 30 foot radius, and lets users accept or decline an image when it is sent. However, the request includes an image preview that users are forced to see before responding.
It’s been wildly popular with teens as a means to flirt or send memes in public places like concerts, festivals and on public transportation. But it has been used as a tool of harassment as well. New York City lawmakers introduced a bill last year would make it illegal “for a person to send an unsolicited sexually explicit video or image to another person with intent to harass, annoy or alarm such other person”, in part as a response to an epidemic of unsolicited nude images being sent over AirDrop on NYC subways.
Apple users can change AirDrop settings to receive requests only from people on their contact lists, but many people have Bluetooth sharing public by default, security experts say.
And tracking an image back to a specific device is difficult. AirDrop is largely anonymous, said Richard Gold, the director of security engineering at San Francisco-based security firm Digital Shadows, and it cannot be traced to a device “unless you were to confiscate all the devices from the passengers on the flight”, he said.
“Even then, it’s unlikely you’d be able to figure the originating [Bluetooth] address without forensically examining the devices which received the pictures,” he said.
“Ultimately, the security concerns comes down to the general principle of ‘if you’re not using something, turn it off,’” Gold said.
Apple and JetBlue did not respond to request for comment.