A cheap Bluetooth transmitter can spoof some iPhone notifications
Affiliate Disclosure If you buy through our links, we may get a commission. Read our ethics policy . A cheap Bluetooth transmitter can spoof some iPhone notifications Evan Selleck | Aug 16, 2023 This cheap device can spoof an Apple TV 0 Facebook Twitter Reddit Walking around a conference dedicated to hacking devices and software typically means seeing all sorts of real world attacks, albeit in a specialized setting. And as some attendees discovered this year, it can also mean personal data is potentially up for grabs at any given moment. Take, for example, a research project put together by Jae Bochs shows just how easy it is to take advantage of Apple's own utilization of Bluetooth Low Energy, or BLE, to try and nab a user's information. Bochs's project had a couple of purposes, the first being to remind folks that simply using Control Center to disable Bluetooth doesn't actually get the job done . The second was to simply have a laugh as Bochs walked around the conference, stood in lines, and visited vendors. They did try to remember to turn their device off if they stopped to have a chat with someone, though, according to TechCrunch . The device is a combination of several elements, like a Raspberry Pi Zero 2 W, a Linux-compatible Bluetooth adapter, a couple of antennas, and an external battery. All told, Bochs says it costs around $70, which means a relatively inexpensive device can quickly cause some specific havoc on Apple devices within 50 feet. It comes down to communication between devices, which at this point Apple relies heavily on for its ecosystem. By tapping BLE, devices like iPhones can talk to one another when they get within a set range, which can then prompt "proximity actions." The device causes these actions, so as Bochs walked around the conference he was able to send a prompt to nearby iPhones asking them to auto-fill their password into a nearby Apple TV . Despite the fact there wasn't an Apple TV near them. Luckily, Bochs's device wasn't built to attain any personal information, even if someone did tap on the prompt and insert their password for some reason. However, he does say there is a possibility where that could happen. "If a user were to interact with the prompts, and if the other end was set up to respond convincingly, I think you could get the victim' to transfer a password. There's an issue known for a few years where you can retrieve phone number, Apple ID email, and current Wi-Fi network from the packets." Apple is aware of the issue, and has been since 2019. However, Bochs does not expect the company to do anything about it because so little information can be shared through this process, and it's an integral feature to the Apple ecosystem as a whole. Bochs does suggest Apple could offer a better prompt for users, letting them know what's happening when they tap the Bluetooth icon in Control Center. How to protect yourself from this kind of attack This is all about situational awareness. Bluetooth isn't known for being particularly great for security purposes, but in this particular situation it comes down to knowing your environment. As Bochs notes, this particular moment is for the laughs, because it's an Apple TV prompting for a password at a hacker convention. It's obviously not any one person's personal Apple TV, so if you see this or similar while out, obviously don't input your password. However, out in the real world a similar prompt could pop up, which means the individual needs to be aware what personal devices are being carried, like an AirTag or pair of AirPods Pro. If a random device starts prompting you for a password, the safe bet is to ignore it entirely, especially if you don't recognize it. As a reminder, the only way to fully disable Bluetooth or Wi-Fi is to do so in the Settings app. A cheap Bluetooth transmitter can spoof some iPhone notifications At Def Con 2023, some attendees were shown in real-time how a relatively cheap device leveraging Bluetooth flaws can force bogus notifications and potentially get the user to surrender sensitive data. Apple TV+ romantic sci-fi film 'Fingernails' sets premiere date First announced in 2022, the upcoming romantic sci-fi film "Fingernails" finally launches in early November on Apple TV+. Probable iPhone 15 spotted on India regulatory database A previously unknown Apple device with model number A3094 has been listed on an India regulatory agency website, ahead of the expected iPhone 15 launch. Moment debuts 8 new iPhone lenses as part of T-Series overhaul Photography powerhouse Moment has debuted a whole new series of mobile lenses for iPhone and Android, releasing eight new lenses with multiple improvements to up your camera game. CrossOver update brings EA and DirectX 12 game support to Mac CrossOver 23 now lets Mac and Linux users play Windows games from EA, or which rely on DirectX 12, while its new geometry shader support allows games to play without graphics issues. Apple TV+ reveals 'The Buccaneers' to stream from November Apple TV+ has released the first images of its take on Edith Wharton's "The Buccaneers," and revealed it will premiere on November 8, 2023. Everything new in iOS 17 developer beta 6 The sixth developer beta of iOS 17 is out, and includes plenty of changes, including reverting a major UI change that caused plenty of user backlash. Adobe Express with AI Firefly app is available worldwide Adobe has taken its Adobe Express with Firefly web app out of beta, and its AI-powered image tools are now available online, with a mobile version "coming soon." {{ title }} {{{ rumorScoreMarkup }}} {{ summary }}