Beware! An Affordable $70 Device Has the Ability to Hack Your iPhone and Deceive You into Sharing Personal Information

Attendees of the recent DefCon hacking conference in Las Vegas were met with mysterious prompts on their iPhones. These prompts appeared to be requests from a nearby Apple TV seeking approval to sync with their Apple ID or password-protected accounts. However, it was revealed that these messages were actually being generated by a homemade transmitter designed to exploit Apple’s Bluetooth security.

While some attendees found the prank “hilarious but annoying,” others felt “abused” by the intrusion. The individual responsible for the prank, a fellow DefCon attendee named Jae Bochs, explained that their intention was to draw attention to a serious vulnerability in Apple’s Bluetooth security protocols. Bochs, a security researcher, speculated that a user interacting with the prompts could potentially end up transferring their password.

Bochs recommended that users of iPhones and other Apple products be cautious about trusting the “Control Center” feature on devices running iOS until Apple addresses the vulnerability. They suggested that users fully disable Bluetooth in their device settings rather than relying on the Control Center toggle.

The device used in the prank was created using affordable components including a Raspberry Pi Zero 2 W, a portable battery, two antennas, and a Linux-compatible Bluetooth adapter. Bochs estimated the total cost to be around $70.

The prank relied on a weakness in Apple’s Bluetooth Low Energy protocols, which allow Apple devices to connect with nearby devices. Bochs pointed out that these protocols use reduced transmit power to keep the connection range short. However, their device extended the range to 50 feet, allowing them to target unsuspecting DefCon attendees.

Bochs clarified that their device only emitted Bluetooth advertisement packets and didn’t collect any data. However, they noted that a similar device could potentially be used maliciously to gather personal user data. Bochs expressed a desire to develop a new proof-of-concept device to explore security vulnerabilities in Apple’s upcoming “NameDrop” feature.

DefCon is known for its unconventional pranks, and some attendees praised Bochs’ stunt as a classic example of the conference’s antics. However, others raised concerns about the intrusion and suggested that complaints should be directed towards Apple.

In the end, the prank served as a reminder that even seemingly secure technologies like Bluetooth can be susceptible to exploitation, highlighting the importance of ongoing security efforts in the tech industry.
