Carding
Professional
- Messages
- 2,870
- Reaction score
- 2,511
- Points
- 113
The researcher demonstrated an experiment that unpleasantly surprised many users of apple products.
At Def Con, the world's largest hacker conference, participants are already used to all sorts of experiments with electronic gadgets. For example, to a wall of monitors showing passwords intercepted over the conference's Wi-Fi network. However, this year even experienced hackers were surprised and concerned by messages that pop up on their iPhone asking them to connect an Apple ID or share a password with a nearby Apple TV.
As it turned out, these alerts were part of a research project with two goals. First, remind participants that to completely disable Bluetooth on the iPhone, you must do so from the device settings, and not just disable it in the control center. And secondly, just to have fun and make a joke, according to the author of the experiment, security researcher Jay Box. He walked around the conference grounds with a specially designed device in his bag and caused pop-ups to appear on visitors smartphones.
To conduct the experiment, the Box needed: a Raspberry Pi, two antennas, a Bluetooth adapter and an external battery. With their help, he was able to take advantage of the features of Apple's Bluetooth protocols, which allow the company's devices to "communicate" with each other over short distances. The researcher focused on functions that trigger various actions and notifications on the iPhone screen when other Apple gadgets are nearby.
A clever device for $70
Although the device created by the researcher was not programmed to collect any data from smartphones, in theory it had such a possibility. According to Box, if the owner of the device was an attacker, and not an ethical researcher, then with the help of such a trick, he could intercept Apple IDs, passwords and other confidential information of users.
Box himself believes that Apple is unlikely to change anything in its protocols, since the current behavior of Bluetooth is necessary for compatibility and interaction of the iPhone with other devices in the ecosystem, such as AirPods headphones and Apple Watch smart watches, which is often popularly called "Apple magic".
Perhaps the company could only add a warning in the iOS control center that simply disabling Bluetooth there does not guarantee its complete blocking and protection from such hacker experiments. In order to be completely protected from devices like the one demonstrated by Box at Def Con, iPhone users are advised to turn off Bluetooth through the device settings, and not through the control center.
Apple representatives have not yet responded to requests for comment about this study and possible security measures.
At Def Con, the world's largest hacker conference, participants are already used to all sorts of experiments with electronic gadgets. For example, to a wall of monitors showing passwords intercepted over the conference's Wi-Fi network. However, this year even experienced hackers were surprised and concerned by messages that pop up on their iPhone asking them to connect an Apple ID or share a password with a nearby Apple TV.
As it turned out, these alerts were part of a research project with two goals. First, remind participants that to completely disable Bluetooth on the iPhone, you must do so from the device settings, and not just disable it in the control center. And secondly, just to have fun and make a joke, according to the author of the experiment, security researcher Jay Box. He walked around the conference grounds with a specially designed device in his bag and caused pop-ups to appear on visitors smartphones.
To conduct the experiment, the Box needed: a Raspberry Pi, two antennas, a Bluetooth adapter and an external battery. With their help, he was able to take advantage of the features of Apple's Bluetooth protocols, which allow the company's devices to "communicate" with each other over short distances. The researcher focused on functions that trigger various actions and notifications on the iPhone screen when other Apple gadgets are nearby.
A clever device for $70
Although the device created by the researcher was not programmed to collect any data from smartphones, in theory it had such a possibility. According to Box, if the owner of the device was an attacker, and not an ethical researcher, then with the help of such a trick, he could intercept Apple IDs, passwords and other confidential information of users.
Box himself believes that Apple is unlikely to change anything in its protocols, since the current behavior of Bluetooth is necessary for compatibility and interaction of the iPhone with other devices in the ecosystem, such as AirPods headphones and Apple Watch smart watches, which is often popularly called "Apple magic".
Perhaps the company could only add a warning in the iOS control center that simply disabling Bluetooth there does not guarantee its complete blocking and protection from such hacker experiments. In order to be completely protected from devices like the one demonstrated by Box at Def Con, iPhone users are advised to turn off Bluetooth through the device settings, and not through the control center.
Apple representatives have not yet responded to requests for comment about this study and possible security measures.
