Apple’s “Find My device” function for helping people track their iOS and macOS devices can be exploited to transfer data to and from random passing devices without using the internet, a security researcher has demonstrated.
Security researcher Fabian Bräunlein with Positive Security developed a proof of concept, using a microcontroller and a custom MacOS app, that can broadcast data from one device to another via Bluetooth Low Energy (BLE). Once connected to the internet, the receiving device can then forward the data to an attacker-controlled Apple iCloud server.
Read more…
Source: ThreatPost