Comment

Comment on Apple 'Find My' network can be abused to steal keylogged passwords

shrugal@lemm.ee ⁨10⁩ ⁨months⁩ ago

I think the main concern is how easy and ubiquitous it is, while also being pretty hard to detect. No other transmission method lends itself so perfectly to this kind of attack.

source

Sort:hotnew top

hemmes@lemmy.world ⁨10⁩ ⁨months⁩ ago

The potential to abuse Find My to transmit arbitrary data besides just device location was first discovered by Positive Security researchers Fabian Bräunlein and his team over two years ago, but apparently, Apple addressed this problem.

Not with Apple’s network anymore apparently. But if you read the original PoC from 2021 they said Amazon’s Echo devices have the same potential.

Ultimately even the researches indicate the slow and unreliable nature of the attack (which no longer works).

Small complication: public key validity. Having implemented both the sending and receiving side, I performed a first test by broadcasting and trying to receive a 32 bit value. After a few minutes, I could retrieve 23 out of the 32 bits, each one being unambiguous and with ~100 location reports, but no reports for the remaining 9 bits.

source
- shrugal@lemm.ee ⁨10⁩ ⁨months⁩ ago
  I just watched a video by a German tech magazine, with Fabian Bräunlein demonstrating a keylogger using Apple’s Find My network. It’s only 3 days old, so I don’t think the main problem is fixed at all.
  
  source