AirTags, Apple's Bluetooth-powered item trackers, were designed with good intentions: they attach to important items such as keys and belongings to help you keep track of them. However, the devices also appear to come with a small design flaw that would allow an unscrupulous person to use them maliciously.
Bobby Rauch, a penetration tester and security researcher, recently contacted cybersecurity blogger Brian Krebs about a finding that would allow the trackers to be used as a vector for credential hijacking and data theft. Once set up, the attack, which abuses the AirTag's "Lost Mode" feature, can target an unsuspecting good Samaritan: someone who has found an AirTag left in a public place and wants to return the item to its owner.
When missing, AirTags can be tracked from a distance through Apple's Find My app, but a person who finds a lost tag can also help return it to its owner. An AirTag can be scanned via NFC with an iPhone or Android phone, and if the AirTag has been put into "Lost Mode," it will automatically reveal to the finder any contact information associated with the device. AirTag owners can set this up via Find My by adding a phone number or email address, and they can also enter a short message, perhaps something to the effect of, "Hey, this is mine, please return it to XYZ." When someone finds and scans the AirTag, their phone is simply directed to a special link that displays the owner's information and message. Thus, it is a similar concept to dog tags, which often come with information on how to return a lost pooch.
However, while this is a worthwhile purpose, it also opens the good Samaritan up to attack. This is because at the moment there is nothing to stop the owner of an AirTag from injecting code into the information the device presents in Lost Mode. Such code can be used to send whoever scans the AirTag to a phishing site or other malicious web page designed to harvest their credentials or steal their personal information, Rauch recently told Krebs. In theory, a criminal could buy AirTags with the intention of turning them into malicious Trojans, and then leave them scattered around for an unsuspecting person to pick up.
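The server-side control that is missing in the scenario above, sketched as an added example (not Apple's code and not from the original article): owner-supplied Lost Mode fields are validated against a strict allowlist and HTML-escaped before being shown to the finder. The function names, the E.164 phone format, the 200-character message limit and the CSP value are assumptions made for illustration.

```python
import html
import re

# Assumed formats: E.164 phone numbers and a deliberately strict email pattern.
PHONE_RE = re.compile(r"\+[1-9][0-9]{6,14}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+-]{1,64}@[A-Za-z0-9-]+(\.[A-Za-z0-9-]+)+")
MAX_MESSAGE_LEN = 200  # assumed limit for the owner's short message


class InvalidContact(ValueError):
    """Raised when an owner-supplied Lost Mode field fails validation."""


def validate_contact(value: str) -> str:
    """Accept only a phone number or email address; reject everything else."""
    value = value.strip()
    if PHONE_RE.fullmatch(value) or EMAIL_RE.fullmatch(value):
        return value
    raise InvalidContact("contact must be a phone number or email address")


def validate_message(value: str) -> str:
    """Drop control characters and bound the length; markup is escaped at render time."""
    cleaned = "".join(ch for ch in value if ch.isprintable())
    if len(cleaned) > MAX_MESSAGE_LEN:
        raise InvalidContact("message too long")
    return cleaned


def render_found_page(contact: str, message: str) -> str:
    """Build the page shown to the finder, escaping every owner-controlled value."""
    contact = html.escape(validate_contact(contact), quote=True)
    message = html.escape(validate_message(message), quote=True)
    return (
        "<!doctype html><title>Lost item</title>"
        f"<p>Owner contact: {contact}</p>"
        f"<p>Message: {message}</p>"
    )


# Defence in depth: a response header that blocks script execution
# even if an escaping bug slips through.
CSP_HEADER = ("Content-Security-Policy", "default-src 'none'; style-src 'self'")
```

Validation on input and escaping on output are both applied on purpose: either one alone leaves the finder exposed if the other is bypassed or regresses.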
Krebs aptly compares this to an old trick in which hackers leave a nondescript USB drive lying around, often in a company parking lot or another public place. Eventually, a curious, unlucky person picks up the USB drive and plugs it into their computer, thus silently unleashing any malicious software that is hidden inside. Similarly, a bad actor can leave AirTags lying around with an item or two, and just wait for someone to pick them up and try to get them back to their owner.
Apple has apparently been slow to respond to this issue. Rauch, who discovered the exploit, told Krebs that he approached the company in June and that he was brushed off. For three months, Apple's representatives simply told Rauch that they were "still investigating" his claims, but they would not commit to making a public statement or tell him whether he qualified for the company's bug bounty program. Finally, when Rauch reached out to Krebs last Friday, the company got back to him and said it wanted to fix the bug as soon as possible. It also asked him not to publicize his findings.
However, Rauch has now done just that, writing his own blog post that explains how the exploit works: "An attacker can make armed AirTags, and leave them, harassing innocent people who are just trying to help someone find a lost AirTag," he writes.
We reached out to Apple for comment on all of this. At the time of publication, the company had not yet gotten back to us. We will update this story if they respond.