Infected files in AirDrop and images ‘stolen’ in concerts: Maldita Tecnología’s 121st office arrives Maldita.es – Journalism so they don’t slip it on you

Hello, damn and cursed! It’s already Tuesday, which means only one house: Maldita.es’ technology office returns to the fray. In this edition, we answer two everyday questions, related to our day to day. The first has to do with taking care of our cybersecurity: can they introduce a virus into our iPhone through AirDrop? On the other hand, more questions arise about who can record us and post our images on social networks: what happens if I am recorded at a public event that I have accessed by buying tickets? What if I don’t want to go out?

Stay, we are going to comment on them. Of course, if you have more questions, remember that you can send them to us at our WhatsApp chatbot (+34 644 229 319), writing your question in This formulary or by sending an email [email protected] or to our Twitter. Let’s go there!

Can a virus be introduced into our iPhone through AirDrop?

Sending files through our phones is something we do constantly. Bluetooth may have been a bit forgotten for these purposes, yes, and we prefer to use WhatsApp or another messaging platform. If we use an iPhone, however, it is quite common for us to take advantage of AirDrop, a wireless system that incorporates these telephones to share and receive photos and other documents between phones that are relatively close.

It works by combining Bluetooth and Wi-Fi (both must be activated during the exchange), and its peculiarity is that it is not necessary to have the telephone number of the person to whom we want to send something. It simply has to accept (or reject) the file input. For this reason, you have asked us if it is possible that they infect our phone by sending us a photo or other document through this channel, especially if it comes from someone we do not know.

The short answer is yes, it can be transferred. malware to our mobiles through this technology, beyond the possibility of suffering some type of attack through Bluetooth or of Wifi.

“From the point of view of computer security, when we talk about file sharing such as AirDrop, the possibility of vulnerabilities in both the application itself and the operating system (OS) on which it runs should always be considered. , regardless of whether it is a mobile or desktop OS”, explains our damn Andrés Olano, computer engineer and specialist in auditing and computer security, who has lent us his superpowers.

In the case of AirDrop, he tells us that it is one more channel for sending files and that it is also vulnerable to being exploited: “When we talk about images or multimedia files, we must mention the stenography for hide ‘malicious’ instructions, but we could also talk about malware-type executable files or documents with exploit”. An exploit is code with which some malicious software is programmed to run once inside a device and perform some action, such as logging data.

In fact, Olano reminds us that the National Cryptologic Center (CCN), of the National Intelligence Center, includes an extensive explanation of the technical operation of AirDrop in its “A Practical Guide to Apple Services Security” 2020. In it, he gave some basic security recommendations to avoid receiving malicious files, such as keep the system off when not in use and after doing so, disable it instantly. It also advises avoiding enabling the “Everyone” mode (which allows anyone to send us a file, even if we do not have the contact in our agenda), especially in concurred places. An example? Public transport or a square full of people.

“Another important point included in this document is that although the identification system used by AirDrop makes it a safer transfer system than other mechanisms, it can be associated with other risks when keeping the Bluetooth and Wifi interfaces active, in addition to the vulnerabilities of the AWDL protocol used precisely by AirDrop”, remarks Olano. This protocol refers to the combination of both systems.

Over the years, security flaws have been reported that exploited AirDrop to obtain data from our phone, even though it wasn’t sharing a file. However, they are cases Apple, the company behind the iPhone, has been correcting.

In conclusion, the input of files to our devices can pose a risk, as we explained in response to another question about whether it was possible to infect our phone by sending a file such as a photo through WhatsApp. However, we can be aware of these guidelines so that they do not infect our devices: avoid opening any file if it comes from someone we do not know; configure apps securely and keep them up to date; and for this particular case, a good antivirus can also help.

What happens if I am recorded at a public event that I have accessed by buying tickets? Do they have the right to record me even if I don’t want to go out?

Put yourself in a situation: you buy a ticket to attend an event that you really wanted. So much so that you queue to get a seat in the front row but, when you get the precious seat, from the organization they tell you that you must sign a document in which they force you to give up your image so that photos can be posted in which you appear on social networks . What if I refuse? Well, goodbye to the first row, they ask you to sit outside the camera plane.

Another case. You go to a massive concert in which hundreds of photos are taken that later end up published in the media. What if I don’t want to appear in them? If nobody has warned me that they were going to hang on the Internet.

They are two real situations for which you have asked us the following: do they have the right to record me and post those images even if I do not want to appear in them? Does it have something to do with me buying a ticket for an event? Is it because it is crowded? Let’s see it step by step.

As we have explained on other occasions, these issues are governed by the civil protection law of the right to honor, personal and family privacy and own image. This is where it is explained that no one can record us or take pictures of us and spread them without our permissionexcept for a few situations, such as we are present at an event attended by a public official (like a politician). In the case of a public event, such as a concert, the same rule applies: initially, they need our consent to post the photos on social networks.

However, there are also exceptions here, as explained by Camino García, a lawyer specializing in data protection at Meraki Abogados, which occur “when the image is of an accessory nature in relation to a public event or happening”, which is what includes article 8 of the aforementioned law.

“The image of an individual is incidental when it is not the main object of the information, as would happen, for example, when it appears indirectly when capturing or recording a public act, such as a demonstration or a show,” García details. And this is how the Supreme Court stipulated it in a 2008 ruling, in which it defined the concept of accessory image as “one that is found within a graphic report in a secondary and inconsequential way, not as the main image”.

It also refers to another resolution of the court from 1992, in which it speaks of “cases in which journalistic information is carried out by means of photographs in which an event or occurrence is reflected or in which the written text is illustrated with photographs of the event object of the information. In this assumption, the case of a concert could be framed, for example, which is usually illustrated in the media. It is true, yes, that they are sentences that did not contemplate the strong presence that digital platforms and social networks have today in our lives.

“Consequently, the image of an anonymous person is accessory when it illustrates or accompanies the news in a secondary way, not covering the main element of it,” concludes García.

Here is another interesting point that the lawyer tells us: our image is a personal data, so you can also go to data protection legislation to find answers. In this sense, he refers to a resolution of the Spanish Data Protection Agency (AEPD) which responds to a case in which a person was seen in a nightclub kissing someone who turned out not to be his partner. The place said that he had warned the attendees that his image could be recorded with a sign at the entrance, but, in this case, the AEPD says that they cannot “it cannot be considered that the people who are captured without being aware of their recording have unquestionably consented to the taking of a photograph or video of their physical image because it is possible that not even know that they are being subjected to such treatment.” Therefore, there is no consent and there is no news event to support that these images were released without permission.

As with everything, there are exceptions and normally each case must be analyzed individually to examine which rights prevail. What García does point out is that “the interested party cannot be forced to accept the assignment of the exploitation rights of his image as a ‘sine qua non’ requirement” to access a particular site, such as the first rows of an event. This, too, regardless of whether admission has been paid or the event is free.

Before we go…

We are not technicians or engineers but we have a lot of help from people who are experts in their field to answer your questions. Nor can we tell you which service to use or stop using, we only inform you so that you can then decide which one you want to use and how. Because definitely, together and together it is more difficult for them to slip it.

If you have any questions about this information or any other related to the way you relate to everything digital, send it to us:

In this article, the damn Andrés Olano, a specialist in computer security, has collaborated with his superpowers.

Thanks to your superpowers, knowledge and experience we can fight more and better against lies. The Maldita.es community is essential to stop disinformation. Help us in this battle: send us the hoaxes that reach you on our Whatsapp service, lend us your superpowersspread our denials and become an ambassador.