Lawful Intelligence for AirDrop File Sharing

Two cell phones in proximity exchanging data

Mobile devices have long been capable of peer-to-peer networking using their built-in Bluetooth, Wi-Fi, and cellular radios. The technical term for this connectivity is Sidelink, but it is more widely known by the Apple iOS/macOS implementation, “AirDrop” (“Nearby Share” is the Android equivalent). AirDrop (or equivalent) allows the sharing of files and messages to nearby devices using a phone’s Wi-Fi and Bluetooth, without ever using a telecommunication provider’s cellular network. Therefore, the usual digital footprints collected by law enforcement as evidence are not available.

In recent months, news reports of persons using AirDrop to distribute threats of violence and inappropriate material have caused school evacuations, leading to demands for criminal investigation and prosecution. As governments around the world update laws to address AirDrop communications, the challenge for policy makers and investigators will be finding innovative solutions that capture the non-traditional information from these services and help analysts understand how they are illegally used and how to investigate such crimes.

What is Airdrop or Nearby Share

AirDrop, Android Nearby Share, Windows Nearby Sharing, and other Sidelink platforms are implementations of a networking technology available in the operating system of smartphones, tablets, laptop, and desktop computers. These capabilities were developed to enable fast, efficient sharing of information between physically close devices. The idea was for you to share photos of a vacation, an article you are reading, your contact information, or a playlist with someone you are standing in front of on-the-fly, with one click, making sharing with others easier and faster.

The process generally begins by the transmitting device sending out a broadcast over Bluetooth. While Bluetooth is reliable, it is slow and consumes battery power quickly. Bluetooth Low Energy (BLE), however, is optimized for just such communications, using much less power and bandwidth. In the event of a BLE broadcast, any devices that are: 1) awake; 2) have Airdrop (or equivalent) turned on; and 3) are nearby, will respond with a hash identifying themselves. The application will then establish a peer-to-peer Wi-Fi connection between the sender and each receiver. Wi-Fi is used because of its power efficiency and high-speed data transfer capability. Once the transfer completes, the Bluetooth and Wi-Fi connections are torn down.

AirDrop settings do allow users to control which, if any, of their devices can be discovered for sharing. These can be seen in expanding circles of discoverability: 1) Users can turn off the capability completely (in which case they would never see the BLE broadcast); 2) Users can have the capability on, but limit their device being discovered only by their contacts; and, 3) allow any device to discover them. Users can also change how they appear when discovered or when sharing by changing their contact name and/or photo.

Why Off-Network File Sharing Matters

Since restricting the AirDrop or Nearby Share settings on a device may impact the intended advantages of Sidelink communications, users sometimes leave their device fully discoverable. As a result, unknown parties may place content of their choice – even criminal threats – on other people’s devices, without the benefit of network-based mediation to identify its source. For example, pushing obscene material onto other people’s devices without their knowledge or consent may be harmful and/or criminal regardless of whether their device settings permit it. Those actions can be particularly malicious when they target children or other vulnerable parties, moving beyond harassment to causing or awakening trauma.

The potential for the misuse of Sidelink applications can take many forms. On a number of occasions, airplane passengers have used AirDrop communications to interfere directly with flight safety, delivering everything from bomb threats to terrorizing images of plane crashes to other passengers in mid-flight. The potential danger of a panic reaction among plane passengers is obvious, and it extends to larger contained areas with crowds of people as well, such as stadiums or schools.

In such instances, the communication itself constitutes a crime that must be investigated, but it can also incite a potential public emergency that authorities must assess and react to immediately. The perceived anonymity that Airdrop provides to the sender and recipient coupled with the lack of traditional intelligence data from the cellular network means that those investigating such crimes hit a quick, dead end. SS8, working with our law enforcement partners, is currently developing solutions to help fill those gaps for investigators. We look forward to sharing more as our platform evolves to address modern Sidelink communication applications.

Kevin McTiernan Image - SS8

About Kevin McTiernan

Kevin has over 20 years of extensive experience in the telecommunications and network security industries. At SS8, Kevin is the VP of Government Solutions and is responsible for leading the vision, design, and delivery of SS8’s government solutions, including the Xcipio® compliance portfolio. You can learn more about Kevin on his LinkedIn profile by clicking here.

About SS8 Networks

As a leader in Lawful and Location Intelligence, SS8 helps make societies safer. Our commitment is to extract, analyze, and visualize the critical intelligence that gives law enforcement, intelligence agencies, and emergency services the real-time insights that save lives. Our high performance, flexible, and future-proof solutions also enable mobile network operators to achieve regulatory compliance with minimum disruption, time, and cost. SS8 is trusted by the largest government agencies, communications providers, and systems integrators globally.

Intellego® XT monitoring and data analytics portfolio is optimized for Law Enforcement Agencies to capture, analyze, and visualize complex data sets for real-time investigative intelligence.

LocationWise delivers the highest audited network location accuracy worldwide, providing active and passive location intelligence for emergency services, law enforcement, and mobile network operators.

Xcipio® mediation platform meets the demands of lawful intercept in any network type and provides the ability to transcode (convert) between lawful intercept handover versions and standard families.

To learn more, contact us at info@ss8.com.

Tweet Us @SS8       Follow Us LinkedIn

SS8 Newsletter

LATEST WEBINAR

THE DATA SILO DILEMMA FOR LAW ENFORCEMENT

How to Ingest, Filter and Query 5G Volumes

Webinar Presented by Kevin McTiernan

CLICK HERE to watch!