Fogbow

They decided it was to their advantage to keep iMessage because it would force families to buy iPhones when kids got a phone.

tek wrote: ↑Sat Mar 30, 2024 11:42 am

They decided it was to their advantage to keep iMessage because it would force families to buy iPhones when kids got a phone.

The raging capitalist's version of "competition"

The bubbles will still be green.

New Apple Wi-Fi Vulnerability Exposes Real-Time Location Data
Apple Wi-Fi vulnerability risks real-time location leaks; researchers demonstrate potential covert tracking with AirTags.

Monday, May 27, 2024

Aside from Find My, maps, routes, and emergency SOS, Apple's location services are quite handy, and they have many useful features. A research team at the University of Maryland has uncovered a critical vulnerability in Apple's location services, which might allow an unauthorized person to access the location information of millions of routers and potentially even information about a person's movements in a matter of seconds.

It has been reported that Erik Rye and Dave Levin from the University of Maryland have found that Apple's location services are working strangely, according to Krebs on Security. It is possible to sneak information from one place to another using a passing Apple device, such as a computer on the other side of the world, over the air, without any other connection to the internet at all.

Using Bluetooth Low Energy (BLE) broadcasts and microcontrollers programmed to function as modems, Fabian Bräunlein, co-founder of Positive Security, devised a way of transmitting a limited amount of arbitrary data from devices without an internet connection to Apple's iCloud servers. Using a Mac application, he can retrieve data from the cloud and subsequently use a Mac application to retrieve that data from the cloud. His proof-of-concept service Send Me was dubbed in a blog post that he wrote on Wednesday.

As a crowd-sourced location-tracking system, the Find My network on Apple devices functions as a crowdsourced location-tracking tool when it is enabled. Participating devices broadcast via BLE to nearby attentive Apple devices, which relay the data back to Cupertino's servers through their network connection to Cupertino's servers via their network connection. Through Find My iPhone, an iOS/macOS version of the company's Find My app, authorized device owners will be able to receive location reports about enrolled hardware using iCloud.

To reduce energy consumption, smartphone manufacturers are trying to use alternatives to GPS and its constant queries. To determine the precise location of a device, it is necessary to analyze the data from surrounding Wi-Fi networks and calculate a device's location based on the number of networks that are detected and how strong the signal is at the moment. In Apple’s and Google’s databases, active Wi-Fi networks are used as names for active networks (Wi-Fi-based Positioning Systems, also known as WPS) to make calculations a great deal of time.

Researchers discovered that Apple's WPS system had an oddity: it sent the necessary data to the user's device, which enabled the user to make these calculations locally, as opposed to sending the necessary data to the server on the user's computer. Apple's WPS server also appears to be sending out up to 400 other known Wi-Fi networks in the approximate vicinity of the device as part of its location database that has been crowdsourced by users of the app.

From this list, the requested device searches for eight possible variants and then calculates its location by that data. WPS technology on Apple's iOS device, the router on which the network is based, and the MAC address of the device are all identified using the so-called BSSID (Basic Service Set Identification) and are usually accompanied by a MAC address, which is usually static. ESP32 microcontrollers running OpenHaystack-based firmware were used by Bräunlein as the basis of his data exfiltration scheme because it was able to broadcast a hardcoded default message and to listen to new data over the serial port.

The signals will be picked up by nearby Apple devices that are using Find My Broadcasting and transmitted to Apple's servers if they have this feature enabled. It is necessary to use an Apple Mail plugin that is running with elevated privileges to obtain the location data from a macOS device, as Apple requires authentication to access location data stored on Macs. For the user to be able to view unsanctioned transmissions, OpenHaystack must also be installed as well as DataFetcher, which was developed by Bräunlein under the Mac OS X platform.

This is not exactly a high-speed attack since Send Me does not have a lot of speed. Considering that the microcontroller can send three bytes per second and can retrieve sixteen bytes in five seconds, along with latency ranging from one to sixty minutes depending on the number of devices in the vicinity, there are certainly faster channels of data transmission than what is available through the microcontroller. The fact that Send Me can be used by sophisticated adversaries does not make it impossible for an adversary could find a way to exploit it.