• remotelove
    link
    fedilink
    arrow-up
    1
    ·
    1 year ago

    Its not just an Apple TV pairing. The issue is that you can just push out Bluetooth advertisement packets and the phone will automatically prompt the user to connect. What I didn’t find in the article is the structure of those advertisements. It seems to imply that you can send arbitrary messages with that connection request that will show on the victim side. The message could say things like, “Enter your password to connect to headphone” or something like that.

    Users are notoriously bad for giving away passwords if you simply ask for them.