    Striving to gain lawful intelligence from AirDrop file sharing

    Sponsored: Analysts urgently need solutions to understand illegal uses of Sidelink services and investigate resultant crimes

    Mobile devices have long been capable of peer-to-peer networking using built-in Bluetooth, Wi-Fi, and cellular radios. The technical term for this connectivity is Sidelink, but it is more widely known by the Apple iOS/macOS implementation, AirDrop (Nearby Share is the Android equivalent).

    AirDrop (or equivalent) allows the sharing of files and messages to nearby devices using a phone’s Wi-Fi and Bluetooth, without ever using a telecommunication provider’s cellular network. Therefore, the usual digital footprints collected by law enforcement as evidence are not available. 

    In recent months, news reports of people using AirDrop to distribute threats of violence and inappropriate material have caused school evacuations, leading to demands for criminal investigation and prosecution.

    As governments around the world update laws to address AirDrop communications, the challenge for policy makers and investigators will be finding innovative solutions to capture the non-traditional information from these services and help analysts understand how they are illegally used and how to investigate such crimes. 

    What is AirDrop or Nearby Share?

    AirDrop, Android Nearby Share, Windows Nearby Sharing, and other Sidelink platforms are implementations of a networking technology in the operating system of smartphones, tablets, laptops and desktop computers. The capabilities were developed to enable fast, efficient sharing of information between physically close devices.

    The idea was for you to share photos of a vacation, an article you are reading, your contact information, or a playlist with someone you are standing in front of on-the-fly, with one click, making sharing with others easier and faster. 

    The process generally begins with the transmitting device sending out a broadcast over Bluetooth. While Bluetooth is reliable, it is slow and consumes battery power quickly. Bluetooth Low Energy (BLE), however, is optimized for just such communications, using much less power and bandwidth. When a BLE broadcast is sent, any device that:

    1) is awake;

    2) has AirDrop (or equivalent) turned on; and

    3) is nearby, will respond with a hash identifying itself.

    The application will then establish a peer-to-peer Wi-Fi connection between the sender and each receiver. Wi-Fi is used because of its power efficiency and high-speed data transfer capability. Once the transfer completes, the Bluetooth and Wi-Fi connections are torn down.

    AirDrop settings do allow users to control which, if any, of their devices can be discovered for sharing. The options can be seen as expanding circles of discoverability:

    1) Users can turn off the capability completely (in which case they would never see the BLE broadcast);

    2) Users can have the capability on, but limit discovery of their device to their contacts; and,

    3) Users can allow any device to discover them.

    Users can also change how they appear when discovered or when sharing by changing their contact name and/or photo.

    Why off-network file sharing matters

    Since restricting AirDrop or Nearby Share via a device's settings may reduce the intended advantages of Sidelink communications, users sometimes leave their device fully discoverable. As a result, unknown parties may place content of their choice – even criminal threats – on other people’s devices, without the benefit of network-based mediation to identify its source.

    For example, pushing obscene material onto other people’s devices without their knowledge or consent may be harmful and/or criminal regardless of whether their device settings permit it. Those actions can be particularly malicious when they target children or other vulnerable parties, moving beyond harassment to causing or awakening trauma.

    The potential for the misuse of Sidelink applications can take many forms. On a number of occasions, airplane passengers have used AirDrop communications to interfere directly with flight safety, delivering everything from bomb threats to terrorizing images of plane crashes to other passengers in mid-flight.

    The potential danger of a panic reaction among plane passengers is obvious, and it extends to larger contained areas with crowds of people as well, such as stadiums or schools. In such instances, the communication itself constitutes a crime that must be investigated, but it can also incite a potential public emergency that authorities must assess and react to immediately.

    The perceived anonymity that AirDrop provides to the sender and recipient, coupled with the lack of traditional intelligence data from the cellular network, means that those investigating such crimes quickly hit a dead end. SS8, working with our law enforcement partners, is currently developing solutions to help fill those gaps for investigators. We look forward to sharing more as

    About the author Kevin McTiernan

    Kevin has over 20 years’ experience in the telecommunications and network security industries. At SS8, he is VP of Government Solutions, responsible for leading the vision, design and delivery of SS8’s government solutions, including the Xcipio® compliance portfolio.