Comment on Apple 'Find My' network can be abused to steal keylogged passwords
hemmes@lemmy.world 1 year ago
This is another example of very specific situations in INFOSEC. It’s unlikely that you will become a victim to this key logger attack. And of course the title suggests that Apple’s Find My network is compromised. This is not the case. But it is being utilized, in this instance, against Apple’s rules and regulations.
The real hack here is that the victim had their keyboard modified or was given a compromised keyboard that broadcasts Bluetooth signals, that are then picked up on the Find My network. It could be transmitted via Cellular, Bluetooth, WiFi, audible sound, monitoring energy differentials, etc. It’s the HMI hardware that’s been compromised. Apple will likely develop updates to their Find My network, but the compromised keyboard could then be modified to use some other service or broadcast methods. Apple fixing the Find My network to recognize bad actors will not prevent this style of attack.
shrugal@lemm.ee 1 year ago
I think the main concern is how easy and ubiquitous it is, while also being pretty hard to detect. No other transmission method lends itself so perfectly to this kind of attack.
hemmes@lemmy.world 1 year ago
Not with Apple’s network anymore apparently. But if you read the original PoC from 2021 they said Amazon’s Echo devices have the same potential.
Ultimately even the researches indicate the slow and unreliable nature of the attack (which no longer works).
shrugal@lemm.ee 1 year ago
I just watched a video by a German tech magazine, with Fabian Bräunlein demonstrating a keylogger using Apple’s Find My network. It’s only 3 days old, so I don’t think the main problem is fixed at all.