At the Def Con 2023 conference held earlier, security expert Jae Bochs demonstrated a custom Bluetooth device built to try to trick attending iPhone users into giving up their Apple ID information. The self-built device consists of a Raspberry Pi Zero 2 W computer, two sets of antennas, a Linux-compatible Bluetooth adapter, and a portable power supply. Bochs said that it cost about US$70 (about HK$548) and has an effective range of about 15 meters.
Costs only $70
Bochs walked around the venue with the device and used Apple's Bluetooth LE protocol to send a signal to the nearest iPhones, triggering a pop-up prompt claiming that an Apple TV was nearby. The Apple TV was simulated. Bochs said he has a way to collect and store an iPhone user's Apple ID or password if the user acts on the spoofed signal. In addition to an Apple TV, the device can theoretically also simulate other devices that use Bluetooth LE, such as AirTag or AirPods Pro.
Exploiting Apple Bluetooth Vulnerabilities
He conducted this experiment at Def Con 2023 for two main purposes. The first was to once again draw attention to the related vulnerabilities in Apple's Bluetooth LE protocol. Researchers discovered this problem as early as 2019, but Apple has not acknowledged or resolved it. The second was to remind iPhone users that turning off Bluetooth in Control Center does not completely disable it. Users must turn it off manually in the Settings page to actually disable Bluetooth.
Source: TechTimes