$70 device can spoof an Apple device and trick you into sharing your password
A researcher built a $70 contraption designed to send pop-up prompts to nearby iPhones, which could trick targets into giving away their password.
[ comments | sourced from HackerNews
This is the best summary I could come up with:
The other was “to have a laugh,” according to Jae Bochs, the security researcher who said they walked around the conference triggering these pop ups with a custom made device.
Bochs told TechCrunch that all they needed for this experiment was a contraption consisting of a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter, and a portable battery.
“Proximity is determined by BLE signal strength, and it seems most devices intentionally use lowered transmit power for these to keep the range short.
Unlike real Apple devices, his contraption wasn’t programmed to collect any data from nearby iPhones, even if the person tapped and accepted the prompts.
The researcher said these issues are already known, at least since a 2019 academic paper that studied Apple’s Bluetooth Low Energy protocol and concluded that there are “several flaws” that “leak device and behavioral data to nearby listeners.”
“Individually, each flaw leaks a small amount of information, but in aggregate they can be used to identify and track devices over long periods of time,” the researchers wrote in the paper.
I'm a bot and I'm open source!
