- Security researcher Jae Bochs used a $70 setup at the 2023 Def Con to send custom alerts to the conference attendees’ iPhones.
- The experiment exploited Bluetooth LE services, asking device owners to share passwords or allowing devices to provide access.
Attendees at Def Con 2023, a renowned conference for hackers, were in for a surprise when iPhones at the venue started to display pop-up messages prompting the attendees to share their Apple ID and passwords with Apple TVs nearby.
Later, it was revealed that these alerts were part of a research project by security researcher Jae Bochs to raise awareness about an unobtrusive vulnerability in iPhone Control Center settings.
Primarily, the project was used to remind iPhone users that turning off WiFi or Bluetooth on an iPhone requires the user to go to the Settings menu rather than using toggle controls in the Control Center. Using the Control Center results only in disconnecting any device accessing the Bluetooth network.
Bochs conducted the experiment with a low-tech $70 custom device. The setup included two antennas, a portable battery, a Linux-compatible Bluetooth adapter, and a Raspberry Pi Zero 2 W. The device could affect devices in a 50 feet radius.
The experiment was conducted by leveraging Bluetooth Low Energy protocols, allowing the custom device to mimic signals normally transmitted by Apple TVs. Jae Bochs stated that sensitive data, including Apple ID email addresses, WiFi network data, and phone numbers, could be extracted through the exploit.
Using the Settings app to shut down Bluetooth and WiFi features is the recommended method to mitigate these risks.
What measures do you take to secure your Apple devices? Let us know your thoughts on LinkedInOpens a new window , X (Twitter)Opens a new window , or FacebookOpens a new window . We’d love to hear from you!
Image source: Shutterstock