Researchers Discover Six Vulnerabilities in Apple AirDrop and Google/Samsung Quick Share Protocols
Key Takeaways
- ▸First systematic reverse engineering study of Apple AirDrop and Google/Samsung Quick Share reveals 6 vulnerabilities across 5 billion+ devices
- ▸Vulnerabilities include pre-authentication DoS attacks, encryption bypasses, and memory corruption issues affecting macOS, iOS, Android, and Windows
- ▸Researchers created AIRFUZZ, a protocol-aware fuzzer specifically designed for proximity transfer protocols, and performed responsible disclosure with vendor acknowledgment
Summary
Academic researchers have published the first systematic security study of Apple's AirDrop and Google/Samsung Quick Share proximity file-transfer protocols, uncovering six previously unknown vulnerabilities across both platforms. The study, submitted to arXiv on June 25, 2026, represents the first cross-platform reverse engineering and protocol-aware fuzzing analysis of these proprietary stacks, which are used by over five billion devices globally.
The researchers discovered three pre-authentication vulnerabilities in Apple's macOS and iOS AirDrop implementation: a Swift fatalError denial-of-service in the HTTP path router, unbounded XML plist recursion in Foundation, and a NULL pointer dereference in the HTTP/1.1 parser. Samsung's Quick Share service contained two protocol-layer flaws including pre-authentication OfflineFrame dispatch and D2D encryption bypass vulnerabilities. Google's Quick Share for Windows was found to contain a heap use-after-free vulnerability, for which Google issued a bug bounty.
All findings have been responsibly disclosed to the affected vendors, and Apple, Samsung, and Google have acknowledged the security reports. The researchers developed AIRFUZZ, a novel protocol-aware fuzzer that mutates pre-compression representations, and successfully reverse-engineered AirDrop's seven-layer state machine and DVZip adaptive compression algorithm through binary analysis.
Editorial Opinion
This research highlights a critical blind spot in the security ecosystem: the lack of systematic scrutiny applied to the 'small' but ubiquitous protocols powering everyday interactions. With proximity-based file transfer protocols reaching billions of devices globally, the discovery of pre-authentication attack vectors—reachable without user interaction—underscores why proprietary protocols with limited documentation pose ongoing security risks. The authors' commitment to responsible disclosure and protocol-aware tooling sets a precedent for how future proximity and transfer protocol security should be studied.



