(Image credit: Tom's Guide / John Velasco)

Security researchers have just uncovered a flaw in Apple AirDrop and Android's Quick Share that could be exploited by hackers from as far as 30 meters (98.4 feet) away. Apparently the severity of these security flaws mean up to five billion active devices could be at risk.Researchers at the CISPA Helmholtz Center for Information Security uncovered the issues, after taking apart AirDrop and Quick Share to see how Android and iOS deal with wireless transfers. Each transfer system runs as a "highly privileged service in the background" which then wakes up when a second compatible device comes into its vicinity.This is due to the fact that both systems are designed to run seamlessly, and in the process sacrifice security for convenience. The exploits run differently on each platform, though. They are different protocols, despite recent changes that offer interconnectivity, so that makes a lot of sense.How the flaws work

(Image credit: Apple)For Apple the big takes advantage of the background daemon that has control over AirDrop, AirPlay, Handoff, Continuity Camera and Apple's universal clipboard. A single malformed request can crash the whole system, and should a hacker repeatedly continue making those requests they can lock down all those features and effectively hold your devices hostage.For Quick Share, researchers tested a connection between the Galaxy S23 Ultra and the Quick Share app on Windows. During this, they were able to uncover logic bypasses that allowed attackers to skip over authentication steps. This means that hackers can force a connection over Quick Share, keep it alive and feed the server attacker-supplied addresses.Despite the fact that the two protocols don't share any code, the root cause of these security flaws is the same. As researchers put it, "security-critical invariants were not enforced at a single boundary." Essentially, the push to make AirDrop and Quick Share more convenient meant that background processes ended up being exposed to hackers before senders' identity can be verified.The good news is that these attacks aren't putting your personal data at risk. Instead it allows attackers to deny your ability to use certain features so long as they remain in close-enough proximity. This is more of a nuisance than anything else, though depending on where you are and what you're doing, it might just be enough to ruin your workflow.Get instant access to breaking news, the hottest reviews, great deals and helpful tips.What happens next?