Passengers heading to Tampa, Florida, experienced an unusual delay on Tuesday. Those on board a JetBlue flight out of Newark, New Jersey, were evacuated after a person used the AirDrop feature on the Apple phone to send an image of a suicide vest to multiple iOS devices on the plane, according to the Daily News.
Several passengers on the flight surprisingly received the image through Apple’s AirDrop feature, which allows users to share content with nearby devices through Bluetooth technology. Given that the person delivering the photo had to be within Bluetooth range, it was presumably a passenger as the plane had already left the gate and was on the runway waiting for takeoff, the report suggested.
There’s no real way to trace a Bluetooth MAC address to an individual or their device unless all devices were confiscated from the passengers on the flight, according to Dr. Richard Gold, head of security engineering at Digital Shadows. “Even then, it’s unlikely you’d be able to figure the originating MAC address without forensically examining the devices which received the pictures.”
The issue is just the latest concern with Bluetooth. There have been a number of reports of people abusing the AirDrop feature on iOS devices that uses Bluetooth technology to send unwanted photos of various natures to unsuspecting receivers since the feature was introduced in 2011, Gold said.
In addition to being difficult to trace, people typically leave the Bluetooth function on, said Chris Morales, head of security analytics at Vectra. “I used to admittedly walk around with my laptop scanning for exposed Bluetooth listening devices and could send commands to the owner. It is very easy. The easiest way to not receive things over Bluetooth is to require a pin for connectivity or to just turn it off.”