$70 Hacker Device Spoofs Apple Smartphones Into Sharing Password: Here's How It Works

Find out more about the spoofing device.

While the most common form of hacking can sometimes be considered phishing, there are those that use a spoofing device to increases the accuracy of how bad actors can steal from individuals. A particular spoofing device that was capable of penetrating Apple devices was spotted selling for just $70.

Def Con Incident Saw a Spoofing Device Trying to Get Information with Notifications on a Person's Apple Device

According to the story by Tech Crunch, during Def Con, considered among the largest hacking conferences in the world, and other interesting tech things, some participants noticed how their iPhones started showing messages of how they were encouraged to connect their Apple ID or share passwords.

With that, the iPhone owners said that they would get pop-up messages suggesting that they should promote their Apple ID or even share a password to what was said to be a "nearby Apple TV." The notification was shared on Twitter, or X, by Jaime Blasco, who warned about the alerts during Defcon.

The Incident was Actually Part of a Research Project that had Two Main Missions

While this caused quite the alarm, they were actually part of a research project that had two particular missions. The first mission was to remind people to turn off their iPhone's Bluetooth while the second one, according to a security researcher, was purely for laughs.

Jae Bochs, the security researcher who walked around the conference while causing these pop-ups, said that he had a spoofing device in his bag and tried to walk around. He then said that he ensured to turn it off whenever he was hanging out or talking.

The Spoofing Device Used a Raspberry Pi Zero 2 W and Other Technologies

Bochs then described how the experiment was carried out, telling Tech Crunch that all he needed for the spoofing device was two antennas, a Raspberry Pi Zero 2 W, and a few other pieces of technology.

The additional components of the spoofing device include a portable battery and a Bluetooth adapter that is compatible with Linux devices. The security researcher said that in order to create the device, it would cost around $70.

Spoofing Hardware had a Range of 15 Meters of Communication Between the Devices

The spoofing hardware had a range of 15 meters and the communication between the hardware and devices happened due to Bluetooth low energy or BLE protocols. Bochs said that proximity actions were the focus of the hardware, only activating if the Apple devices were near.

Bochs said that they were able to create a proof-of-concept that creates custom advertisement packets capable of mimicking the Apple TV while constantly coming out with low power. This is far from how real Apple devices were designed, which aren't programmed to get any data from nearby Apple devices.

The researcher then highlighted how the issues were already known with a study of the risks of Apple's BLE protocol being highlighted in a 2019 academic paper. The paper concluded that there were multiple flaws and that device and behavioral data could be leaked.

Tech Times
Tech Times Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics