It’s been a while since I wrote an “attack of the week” post, and the fault for this is entirely mine. I’ve been much too busy writing boring posts about Schnorr signatures!…
There was a thing called Bump like a decade ago that just disappeared for some reason. Android also had a way to stick phones together and you could just send whatever you had on your screen.
And ever since, sharing between people has become so difficult, nobody uses it. I don't understand why it's had to be this was and that only just now Google and Samsung are getting it together with Nearby Share.
On the bright side, it only affects people who actually use the feature, so as long as your friends aren't being actively followed or AirDropping something in the middle of a protest, you're probably fine.
It does, however, mean you might not want to accept random stuff...
researchers... have used these vulnerabilities to help police to identify the sender of “unauthorized” AirDrop materials, using a technique based on rainbow tables.
Why not just add a timestamp that rotates every, say 5 seconds, to the hashed data?
That would make it infeasible to precompute the table permanently (it would have to be precomputed for a very narrow attack window, which is still better than nothing)