Pierluigi Paganini August 21, 2023

White hat hackers at the recent hacking conference Def Con demonstrated how to spoof an Apple device and trick users into sharing their sensitive data.

At the recent Def Con hacking conference, white hat hackers demonstrated how to spoof an Apple device and trick users into sharing their sensitive data.

As reported by Techcrunch, attendees at the conference using iPhones started observing pop-up messages prompting them to connect their Apple ID or share a password with a nearby Apple TV.

The security researcher who goes by Jae Bochs said on Mastodon that the messages were part of their research project.

“Also to offer some reassurance: this was built with two purposes – to remind people to *really shut off* Bluetooth (I.e. not from control center) and to have a laugh.” explained Bochs.

He added that no data was collected and that he was just sending out Bluetooth low energy (BLE) advertisement packets that don’t require pairing.

Bochs used cheap equipment composed of a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter, and a portable battery.

“Bochs estimated that this combination of hardware, excluding the battery, costs around $70 and has a range of 50 feet, or 15 meters.” reported TechCrunch.

“Proximity is determined by BLE signal strength, and it seems most devices intentionally use lowered transmit power for these to keep the range short. I don’t :),” Bochs told TechCrunch.

Bochs focused on “proximity actions,” which appear on an iPhone screen when two devices are close to each other.

He created a proof-of-concept to build a custom advertisement packet that mimics BLE signal emitted by devices such as the Apple TV. Basically, he spoofed an Apple device that tries to repeatedly connect to nearby devices and triggers the pop-ups.

In a real attack scenario, upon tapping and accepting the prompts it will allow threat actors to collect some data from the packets, including phone number, Apple ID email, and current Wi-Fi network.

Even if users tap on the Bluetooth icon, their iPhones will continue to receive proximity actions.

Bochs speculate that these flaws were “certainly by design” to allow smartwatches and headphones to keep working with Bluetooth toggled and Apple won’t address them.

The expert recommends turning Bluetooth off in the device settings to protect the device.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

Pierluigi Paganini

(SecurityAffairs – hacking, iPhone)