ppietra
AirTag hacked and reprogrammed by security researcher
Xed said: nicholfd said: Xed said: rob53 said: So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags.
This is an impressive accomplishment for a product that has been out for a week, and to neither see nor acknowledge this blows my mind.
We have no idea what else could be done in the future. Nefarious users could figure out ways to have it bypass sending or receiving data from Apple altogether, which could make this a very useful tool for certain people.
While I doubt we'll see many doing this, that's not the point for even one person using these in an unintended way for evil is worth protecting against, so I hope Apple can push a way to protect the HW soon.
The AirTag receives nothing from Apple - it only receives data from Apple devices (probably only the device it is paired with.)
To put another way, these do function as ad-hoc devices with BT and UWB when you're within range, but they also work over the internet with your iCloud account so you can locate these trackers when you aren't in range by having them link to other devices securely which will forward their location to Apple which will let you know where they were found.
AirTags only broadcast a Bluetooth ID for other Apple devices to see. It’s the iPhones and iPads in the network that communicate with Apple servers, and once there is a request for an AirTag they probably receive the associated Public Key to encrypt its location so that the owner can discover it.
Just pay attention to the fact that devices cannot establish a Bluetooth connection without first pairing, and strange devices don’t pair without user consent... Not only would it be a very high security risk to create ad-hoc connections with strange devices, it would also easily saturate Bluetooth connections, making it impossible for people to use their own devices and increasing power consumption unnecessarily.
Apple posts record $89.6B in Q2 revenue on back of across-the-board growth
seankill said: All those stimulus checks going to electronics.
Tile bemoans Apple AirTags launch, raises antitrust concerns
Apple witness says company would need to modify software, hardware to support third-party ...
FileMakerFeller said: Mueller is at least knowledgeable about this sort of thing, but he comes from an open source background. He has declared his intentions to only publish Android apps because he disagrees with the Apple approach. He's right that the MDM approach isn't suitable for widely-distributed software (this is by design!), but I would have expected him to recall the Facebook brouhaha involving their "Enterprise" software certificate being used to bypass App Store restrictions (e.g. https://www.cnbc.com/2019/01/29/facebook-paying-users-to-install-app-to-collect-data-techcrunch.html) - so it's definitely possible if the end result is valuable enough to you.
And, oddly enough, I agree with Tim Sweeney on this single point - it is technically feasible for Apple to allow Third Party App Stores by using the Enterprise Developer Program. But I wouldn't want Apple to be forced to change that Program because of the safeguards it provides - the user must explicitly accept that they do not have full control over their device with respect to the apps that can be installed on it. Ironically, users need to implicitly accept that they don't have full control over their device anyway when they buy it. But the key point is that users make an informed choice, both at point of purchase and at the point of profile installation (although, frankly, for corporate use it's far better to have the corporation own the device and simply make parts of its functionality available to its employees).
Apple would have to completely review the system security to account for these kinds of changes, since a lot was done without accounting for this level of flexibility!
Apple witness says company would need to modify software, hardware to support third-party ...
Being able to install apps outside of the AppStore doesn’t mean that the System supports another store from another company, it only means that Apple supports some of its signed developers doing distribution, with Apple keys.
Another store would have its own security mechanisms and its own keys, which means that Apple would have to make sure that the system supports different app management, keys from different stores, etc! Probably Apple would want to change hardware to make sure that its own keys aren’t compromised.