2023-08-16 19:33:37
You know that popup that appears when you bring your iPhone close to an AirPods case or when setting up an Apple TV and that looks like “magic”?
Well, the technology behind this feature also seems to be the source of a security vulnerabilityas shown by an experiment carried out by a researcher at DEF CON — a hacker conference that takes place annually in Las Vegas (United States), known for its high incidence of cyber scams.
People attending the 2023 edition of the event (which took place last week) began to receive strange notifications on their iPhones, with requests to connect their Apple ID to Apple TVs or to use the device to type in some tvOS text field, such as if you were using set-top box. There were not few who received such alerts, in addition to this having happened repeatedly with several gifts.
Friendly reminding to be careful in #Defcon. I keep getting these alerts.
A few days later came the explanation of this mysterious phenomenon, with a researcher’s post Jae Bochs no Mastodon. He created a device that simulates the signal sent by Apple devices, thus pretending to be an Apple TV and sending alerts to connect to nearby iPhones via Bluetooth Low-Energy (BLE), in order to ask users to enter certain data. It’s like a “phishing qualified”.
According to detailed by Bochs to TechCrunchhis contraption was built with a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter and a portable battery, which cost the equivalent of about R$347. He turned the device on, put it in his bag and walked around the conference triggering alerts on the iPhones of people around him.
With a range of up to approx. 15 metros, the device emits customized ad packages to mimic authentic Apple alerts. They work by proximity and, to receive notifications, pairing is not necessary, thus reaching a large number of people. There were approximately 15 possible alerts to be sent, related to various subjects, such as transferring the SIM, updating the software, among others.
Still according to the researcher, the BLE determines the proximity from the strength of the signal, in order to keep it at a low frequency so that the range is not so high, only displaying the notification to the desired user. Bochs, however, maintained the reach with great scope, causing so many people to be alerted.
the vulnerability
The creator of the experiment said that the system he built was not programmed to steal data, but that, by interacting with the alerts and typing passwords, for example, the information could be captured. There is, according to him, a problem known “for a few years”, which allows data such as the phone number and email of the Apple ID to be discovered through notification packages like the ones that were sent.
Bochs stated that his intention with the experiment was to remind people to disable Bluetooth on their iPhones in Settings, as only the Control Center option is not enough to prevent connections like the device he created. In addition, “having a laugh” was also among his goals with the action. To stay safe from threats like the device created by the researcher, however, it would be enough to disable Bluetooth in Settings or activate Blocking Mode.
Yet, even according to a survey done in 2019, the Bluetooth LE protocol used by Apple has flaws that allow small amounts of information to leak. However, they can, in the longer term, be used to identify and monitor devices.
According to Bochs, this vulnerability is a consequence of the operation of the Apple software, to maintain the connection of Apple Watches and AirPods. He suggested that Apple insert, in the Control Center, a notice that the Bluetooth option in that area of iOS still allows the iPhone to interact with devices that send alerts when they are close to the smartphone.
Not satisfied with his experiment this year — which left several people confused and wondering what was going on — Bocs is already considering taking a new action involving the resource NameDrop, of iOS 17, at DEF CON next year. This time, he at least talked about organizing an event commenting on his creation, which should make the situation a little less confusing.
1692217281
#Researcher #creates #device #capable #triggering #alerts #thirdparty #iPhones