ppietra

Xed said:

nicholfd said:

Xed said:

rob53 said:

So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags. 

As the article mentioned, he can flash (i.e.: rewrite) the microcontroller and the wires are only used for power.

This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.

We have no idea what else could be done in the future. Nefarious users could figure out was to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.

While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.

The AirTag sends nothing to Apple.  The Apple iPhone/iPad/AppleWatch(?) picks up a unique BT ID, and THAT device talks to Apple.  All the AirTag does is broadcast its ID via BlueTooth for other Apple devices to pick up.

The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)

You really need to read up on how these tags (and others like it) work. They very clearly send data to Apple's servers as you can easily verify from your own AirTag or any number of articles and videos detailing how these work.

To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.

seankill said:

All those stimulus checks going to electronics. 

FileMakerFeller said:

Mueller is at least knowledgable about this sort of thing, but he comes from an open source background. He has declared his intentions to only publish Android apps because he disagrees with the Apple approach. He's right that the MDM approach isn't suitable for widely-distributed software (this is by design!), but I would have expected him to recall the Facebook brouhaha involving their "Enterprise" software certificate being used to bypass App Store restrictions (e.g. https://www.cnbc.com/2019/01/29/facebook-paying-users-to-install-app-to-collect-data-techcrunch.html) - so it's definitely possible if the end result is valuable enough to you.

And, oddly enough, I agree with Tim Sweeney on this single point - it is technically feasible for Apple to allow Third Party App Stores by using the Enterprise Developer Program. But I wouldn't want Apple to be forced to change that Program because of the safeguards it provides - the user must explicitly accept that they do not have full control over their device with respect to the apps that can be installed on it. Ironically, users need to implicitly accept that they don't have full control over their device anyway when they buy it. But the key point is that users make an informed choice, both at point of purchase and at the point of profile installation (although, frankly, for corporate use it's far better to have the corporation own the device and simply make parts of its functionality available to its employees).