• reddig33@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    Sharing which password? If it can only spoof an Apple TV pairing, that doesn’t sound that scary. The tv pairing doesn’t use your Apple ID password — it uses a unique code you set up on the device.

    • remotelove
      link
      fedilink
      arrow-up
      1
      ·
      1 year ago

      Its not just an Apple TV pairing. The issue is that you can just push out Bluetooth advertisement packets and the phone will automatically prompt the user to connect. What I didn’t find in the article is the structure of those advertisements. It seems to imply that you can send arbitrary messages with that connection request that will show on the victim side. The message could say things like, “Enter your password to connect to headphone” or something like that.

      Users are notoriously bad for giving away passwords if you simply ask for them.