- ID: ME004
- Created: 25th May 2024
- Updated: 14th June 2024
- Platforms: Windows, Linux, macOS
- Contributor: The ITM Team
Bluetooth
A subject can conduct Bluetooth file transfers from an organization device.
Subsections
ID | Name | Description |
---|---|---|
ME004.001 | AirDrop | A subject can leverage AirDrop, Apple’s native peer-to-peer file sharing protocol, to transfer files directly to nearby personal devices over Bluetooth and Wi-Fi Direct. AirDrop operates on both macOS and iOS, and functions entirely outside routed enterprise networks, bypassing traditional firewall, proxy, or DLP controls.<br><br>AirDrop sessions are proximity-based, require no shared credentials, and are often enabled by default. When used from a corporate-managed Apple device, AirDrop creates a covert and rapid pathway for off-network data transfer, even when connected to a corporate VPN or secured wireless configuration. Its convenience, invisibility to traditional network monitoring, and inconsistent endpoint logging make it especially attractive to subjects acting opportunistically or preparing for staged exfiltration. |
ME004.002 | Android Peer-to-Peer Storage | A subject can exploit Android-based peer-to-peer file sharing technologies, most notably Quick Share (on Samsung and Google devices) and Nearby Share (across Android platforms), to wirelessly transfer files between devices using Bluetooth, Wi-Fi Direct, or ad hoc wireless links. These protocols operate entirely outside routed enterprise networks, bypassing traditional firewall, inspection, and DLP enforcement.<br><br>Quick Share now extends beyond Android phones and tablets to support file sharing with Windows devices, including personal laptops not under enterprise management. This creates a seamless, low-friction transfer pathway between corporate mobile endpoints and uncontrolled personal systems, which is particularly dangerous in BYOD or loosely governed device environments.<br><br>As with Apple AirDrop, these tools expand the subject’s capacity to exfiltrate data outside monitored channels, often with minimal visibility or user prompts. They are especially useful to subjects working in shared or home environments, where proximity to personal devices is routine and trusted by default. |