ppietra

xyzzy-xxx said:

Apple should allow alternative App Stores, so it's the user who decides from where to download software.
I believe that 90% of the software would be exactly the same (3rd party vs Apple App Store) but maybe cheaper when bought not from Apple.
The remaining 10% may provide (legal) content that Apple does not like.
Remember: protection from viruses does not come from the App Store but from iOS itself - so it is possible to integrate 3rd party stores in a way that apps installed from there follow the same technical restrictions (for security) as apps installed from Apple's App Store.

Soli said:

ppietra said:

Xed said:

ppietra said:

Xed said:

ppietra said:

Xed said:

ppietra said:

Xed said:

ppietra said:

Xed said:

nicholfd said:

Xed said:

rob53 said:

So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags. 

As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

We have no idea what else could be done in the future. Nefarious users could figure out was to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.

The AirTag sends nothing to Apple.  The Apple iPhone/iPad/AppleWatch(?) picks up a unique BT ID, and THAT device talks to Apple.  All the AirTag does is broadcast its ID via BlueTooth for other Apple devices to pick up.

The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)

You really need to read up on how these tags (and others like it) work. They very clearly send data to Apple's servers as you can easily verify from your own AirTag or any number of articles and videos detailing how these work.

To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.

That is not how AirTags work. AirTags don’t connect to any other device other than the owner’s iPhone, neither are AirTags responsible for sending information to servers.
AirTags only broadcast a Bluetooth ID for other Apple’ devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it. 
Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing,  and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate bluetooth connections making it impossible for people to use their own devices and increasing power consumption unnecessarily.

Of course they do. That's a key to how they securely send their location to your device when you're not within BT range, just like with Tile, Trackr, et al. This isn't a difficult concept to understand. Just because the device isn't showing up on another person's phone doesn't mean the device isn't connecting to the internet via said device.

They will even connect to Android devices which allows AirTag to be scanned which will pop up an alert on the screen that includes a web link (as this researcher did in the article). If it's marked as lost, you'll see instructions on how to contact the rightful owner and get the item back to them.

No they don’t. If you knew anything about how bluetooth works on an iPhone, you would know that there is no connection over bluetooth without pairing, and devices only pair with user authorisation.
The location is securely sent by other iPhones not by the AirTag. The iPhone sees the AirTag "ID", the iPhone knows its own location, the iPhone communicates to Apple encrypted (using the AirTag broadcasted Public Key) location. It is a concept quite easy to understand, that has been around for a few years to find offline Phones!!! For other people devices the AirTag is passive, non connected.
AirTags don’t connect to Android devices. Android devices can scan the NFC chip and get a link to a website, and that is it. Anything else after that doesn’t involve the AirTag, nor does it connect an AirTag to a server.

Being passive doesn't mean it doesn't connect. It's a signal that is going to a device which transmits its ID to a server which then forwards it's ID to its owner along with its location. If it didn't do this there would be such thing as AirTag or Tile. In no comment did I say that it pairs with another device.

Additionally, and yet again, there are other wireless technologies in which more than just iPhones can retrieve data from AirTags. That is very clearly a wireless transmission of data from one device to another and to say otherwise is foolish.

OMG!!! being passive means it doesn’t connect because that is my own description and that is what I meant. There is no signal going through another device! The AirTag is only broadcasting an ID (an alphanumeric string) that anyone can see! It doesn’t interact with other iPhones!!! 
"In no comment did I say that it pairs with another device":
In several comments you mention that the AirTag connects to the internet via another device!!! You can only use another device’s internet if your pair the devices!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You actually mention a lot the idea that an hacked AirTag could use these devices (iPhones) to connect to servers not from Apple... so clearly you thought that the AirTag could behave in far more complex ways than it actually does.

In networking a connection is when two devices successfully communicate with each other. This does not mean that communication has to be both ways or in the complex ways in which you are obviously assuming. The fact that you admit that a URL is being sent from one device to read by another means they can communicate wirelessly. To conflate with with how you pair headphone with a device.

Seriously!????????????? Are you trolling me?
To communicate with each other both need to communicate with each other... seems a very simple concept to grasp! And there are protocols that need to be followed to establish a bluetooth connection. Broadcasting a string is not a bluetooth connection!
Besides the fact that the NFC has nothing to do with Find My network, the NFC chip scanning does not establish any kind of network connection in any way similar with how you pair an headphone

Are you trolling me?

One last time JIC you're really not getting it. Scenario: Someone with aniPhone X finds a lost AirTag. They try to use it to determine who lost it. Will they be able to have the AirTag connect to their device so the AirTag can communicate the URL to their iPhone? No, because it doesn't have the NFC HW, but iPhone 11's and newer can, as well as countless other devices made by other vendors.

you should study what NFC scanning entices and what is a network connection! But hey, at least you already forgot all about bluetooth and connecting to the internet.

Networking may be complex in execution but the foundations are universal. Nodes must always connect to other nodes before information and resources can be shared. Networks follow protocols, which define how communications are sent and received. It is impossible to communicate if you're not speaking the same language, which in networking means using compatible protocols and with wireless also requires compatible frequency ranges.

Take for example the GPS in a plane or car that connects with various satellites without the satellites having any indication of the devices that are connecting to them. There's no handshake involved but the devices are still connecting and then retrieving location and timing information from the satellites. Without the connection to the sats there is no way to triangulate.

Xed said:

ppietra said:

Xed said:

ppietra said:

Xed said:

ppietra said:

Xed said:

ppietra said:

Xed said:

nicholfd said:

Xed said:

rob53 said:

So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags. 

As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

We have no idea what else could be done in the future. Nefarious users could figure out was to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.

The AirTag sends nothing to Apple.  The Apple iPhone/iPad/AppleWatch(?) picks up a unique BT ID, and THAT device talks to Apple.  All the AirTag does is broadcast its ID via BlueTooth for other Apple devices to pick up.

The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)

You really need to read up on how these tags (and others like it) work. They very clearly send data to Apple's servers as you can easily verify from your own AirTag or any number of articles and videos detailing how these work.

To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.

That is not how AirTags work. AirTags don’t connect to any other device other than the owner’s iPhone, neither are AirTags responsible for sending information to servers.
AirTags only broadcast a Bluetooth ID for other Apple’ devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it. 
Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing,  and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate bluetooth connections making it impossible for people to use their own devices and increasing power consumption unnecessarily.

Of course they do. That's a key to how they securely send their location to your device when you're not within BT range, just like with Tile, Trackr, et al. This isn't a difficult concept to understand. Just because the device isn't showing up on another person's phone doesn't mean the device isn't connecting to the internet via said device.

They will even connect to Android devices which allows AirTag to be scanned which will pop up an alert on the screen that includes a web link (as this researcher did in the article). If it's marked as lost, you'll see instructions on how to contact the rightful owner and get the item back to them.

No they don’t. If you knew anything about how bluetooth works on an iPhone, you would know that there is no connection over bluetooth without pairing, and devices only pair with user authorisation.
The location is securely sent by other iPhones not by the AirTag. The iPhone sees the AirTag "ID", the iPhone knows its own location, the iPhone communicates to Apple encrypted (using the AirTag broadcasted Public Key) location. It is a concept quite easy to understand, that has been around for a few years to find offline Phones!!! For other people devices the AirTag is passive, non connected.
AirTags don’t connect to Android devices. Android devices can scan the NFC chip and get a link to a website, and that is it. Anything else after that doesn’t involve the AirTag, nor does it connect an AirTag to a server.

Being passive doesn't mean it doesn't connect. It's a signal that is going to a device which transmits its ID to a server which then forwards it's ID to its owner along with its location. If it didn't do this there would be such thing as AirTag or Tile. In no comment did I say that it pairs with another device.

Additionally, and yet again, there are other wireless technologies in which more than just iPhones can retrieve data from AirTags. That is very clearly a wireless transmission of data from one device to another and to say otherwise is foolish.

OMG!!! being passive means it doesn’t connect because that is my own description and that is what I meant. There is no signal going through another device! The AirTag is only broadcasting an ID (an alphanumeric string) that anyone can see! It doesn’t interact with other iPhones!!! 
"In no comment did I say that it pairs with another device":
In several comments you mention that the AirTag connects to the internet via another device!!! You can only use another device’s internet if your pair the devices!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You actually mention a lot the idea that an hacked AirTag could use these devices (iPhones) to connect to servers not from Apple... so clearly you thought that the AirTag could behave in far more complex ways than it actually does.

In networking a connection is when two devices successfully communicate with each other. This does not mean that communication has to be both ways or in the complex ways in which you are obviously assuming. The fact that you admit that a URL is being sent from one device to read by another means they can communicate wirelessly. To conflate with with how you pair headphone with a device.

Seriously!????????????? Are you trolling me?
To communicate with each other both need to communicate with each other... seems a very simple concept to grasp! And there are protocols that need to be followed to establish a bluetooth connection. Broadcasting a string is not a bluetooth connection!
Besides the fact that the NFC has nothing to do with Find My network, the NFC chip scanning does not establish any kind of network connection in any way similar with how you pair an headphone

Are you trolling me?

One last time JIC you're really not getting it. Scenario: Someone with aniPhone X finds a lost AirTag. They try to use it to determine who lost it. Will they be able to have the AirTag connect to their device so the AirTag can communicate the URL to their iPhone? No, because it doesn't have the NFC HW, but iPhone 11's and newer can, as well as countless other devices made by other vendors.

Xed said:

ppietra said:

Xed said:

ppietra said:

Xed said:

ppietra said:

Xed said:

nicholfd said:

Xed said:

rob53 said:

So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags. 

As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

We have no idea what else could be done in the future. Nefarious users could figure out was to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.

The AirTag sends nothing to Apple.  The Apple iPhone/iPad/AppleWatch(?) picks up a unique BT ID, and THAT device talks to Apple.  All the AirTag does is broadcast its ID via BlueTooth for other Apple devices to pick up.

The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)

You really need to read up on how these tags (and others like it) work. They very clearly send data to Apple's servers as you can easily verify from your own AirTag or any number of articles and videos detailing how these work.

To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.

That is not how AirTags work. AirTags don’t connect to any other device other than the owner’s iPhone, neither are AirTags responsible for sending information to servers.
AirTags only broadcast a Bluetooth ID for other Apple’ devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it. 
Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing,  and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate bluetooth connections making it impossible for people to use their own devices and increasing power consumption unnecessarily.

Of course they do. That's a key to how they securely send their location to your device when you're not within BT range, just like with Tile, Trackr, et al. This isn't a difficult concept to understand. Just because the device isn't showing up on another person's phone doesn't mean the device isn't connecting to the internet via said device.

They will even connect to Android devices which allows AirTag to be scanned which will pop up an alert on the screen that includes a web link (as this researcher did in the article). If it's marked as lost, you'll see instructions on how to contact the rightful owner and get the item back to them.

No they don’t. If you knew anything about how bluetooth works on an iPhone, you would know that there is no connection over bluetooth without pairing, and devices only pair with user authorisation.
The location is securely sent by other iPhones not by the AirTag. The iPhone sees the AirTag "ID", the iPhone knows its own location, the iPhone communicates to Apple encrypted (using the AirTag broadcasted Public Key) location. It is a concept quite easy to understand, that has been around for a few years to find offline Phones!!! For other people devices the AirTag is passive, non connected.
AirTags don’t connect to Android devices. Android devices can scan the NFC chip and get a link to a website, and that is it. Anything else after that doesn’t involve the AirTag, nor does it connect an AirTag to a server.

Being passive doesn't mean it doesn't connect. It's a signal that is going to a device which transmits its ID to a server which then forwards it's ID to its owner along with its location. If it didn't do this there would be such thing as AirTag or Tile. In no comment did I say that it pairs with another device.

Additionally, and yet again, there are other wireless technologies in which more than just iPhones can retrieve data from AirTags. That is very clearly a wireless transmission of data from one device to another and to say otherwise is foolish.

OMG!!! being passive means it doesn’t connect because that is my own description and that is what I meant. There is no signal going through another device! The AirTag is only broadcasting an ID (an alphanumeric string) that anyone can see! It doesn’t interact with other iPhones!!! 
"In no comment did I say that it pairs with another device":
In several comments you mention that the AirTag connects to the internet via another device!!! You can only use another device’s internet if your pair the devices!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! You actually mention a lot the idea that an hacked AirTag could use these devices (iPhones) to connect to servers not from Apple... so clearly you thought that the AirTag could behave in far more complex ways than it actually does.

In networking a connection is when two devices successfully communicate with each other. This does not mean that communication has to be both ways or in the complex ways in which you are obviously assuming. The fact that you admit that a URL is being sent from one device to read by another means they can communicate wirelessly. To conflate with with how you pair headphone with a device.