This $70 device can spoof an Apple device and trick you into sharing your password
Attendees at Def Con, one of the world’s largest hacking conferences, are used to weird shenanigans, such as a seemingly innocuous wall of computer screens that display people’s passwords sniffed over the conference Wi-Fi network. But at this year’s event, even conference veterans were confused and concerned when their iPhones started showing pop-up messages prompting them to connect their Apple ID or share a password with a nearby Apple TV.
As it turned out, these alerts were part of a research project that had two goals.
One was to remind people that to switch off Bluetooth on an iPhone, you have to dig into the Settings app and not just tap it off on the quick-access Control Center, which is displayed by swiping down from the top right corner of the iPhone.
The other was “to have a laugh,” according to Jae Bochs, the security researcher who said they walked around the conference triggering these pop-ups with a custom-made device.
“I had it in my bag throughout linecon [an informal term that refers to the time spent in line at a conference], vendor areas, and when I was walking around. I tried to remember to disconnect it if I was hanging out for a talk,” Bochs said.
Bochs told TechCrunch that all they needed for this experiment was a contraption consisting of a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter, and a portable battery.
Bochs estimated that this combination of hardware, excluding the battery, costs around $70 and has a range of 50 feet, or 15 meters.
