

Apple recently announced a tracking device that it calls the AirTag, a new competitor in the “smart label” product category.

The AirTag is a round button about the size of a key fob that you can attach to a suitcase, laptop or, indeed, to your keys, to help you find said item if you misplace it. If you remember those whistle-and-they-bleep-back-at-you keyrings that were all the rage for a while in the 1990s, well, this is the 21st century version of one of those.

Unlike their last-millennium sonic counterparts, however, modern tracking tags come with loads more functionality, and therefore present a correspondingly greater privacy risk.

Armed with wireless connectivity in the form of Bluetooth and NFC, modern tags don’t just respond neutrally with a beep-beep-beep when you send them an audio signal and they’re within range. Products like the AirTag also announce themselves with regular Bluetooth beaconing transmissions, just like your phone does when it’s in discoverable mode.

To stop your tags being used as a permanent tracking tool for anyone who’s stalking you, the Bluetooth identifier swaps itself around every few minutes, like the Bluetooth beacons used in the Apple-and-Google privacy-preserving “exposure notification” interface that was introduced for coronavirus infection tracking.

If someone else swipes an NFC-enabled phone near an AirTag, it presents them with a supposedly anonymous URL pointing to the Apple server, where they can report the misplaced item. (We don’t have an AirTag to practise with, but apparently you can choose to reveal personal information such as a phone number via the tracking URL; we assume that nothing about your identity is revealed by default, so that lost items can be reported anonymously.)

As you probably expected to hear, AirTags are meant to be resilient against hacking, or jailbreaking as it is commonly called on Apple devices. Notably, the firmware (the miniature operating system and software programmed into the device) is supposed to be locked down so it can’t be peeked at in the first place, let alone modified to run alternative code.

In particular, the hardware used in the AirTag, an nRF52832 microcontroller, can be set during bootup into a special mode that prevents any of the real-time chip-control features, such as debugging, being used. In the nRF52xxx series of chips, an additional anti-hacking feature known as APPROTECT, short for Access Port Protection, can also be activated at startup to prevent the contents of the firmware from being read out.

Last year, however, an intrepid cybersecurity researcher known only as LimitedResults figured out (and wrote up a fascinating description of) a way to stop the chip turning off its built-in debugger by injecting a carefully-chosen burst of electrical interference into the power supply during startup. Too little interference, and nothing would happen; too much electrical tampering, or the right amount of tampering at the wrong time, and the chip would simply fail to boot at all. But with just the right sort of microsecond-sized power glitch supplied at just the right time, LimitedResults was effectively able to “blank out” the chip commands that were supposed to suppress debugging, while leaving everything else unaffected so that the system nevertheless continued running.

LimitedResults was then able to connect a debugger to the debug port (which ought to have been unresponsive) and dump a copy of the firmware that was supposed to be shielded from prying eyes. Additionally, because the two-way debug port was now active, the unlocked device could be controlled as well as snooped upon.

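To make the power-glitch bypass described above concrete, here is an added example in C (not code from this page, from LimitedResults’ write-up, from Nordic or from Apple) that models a boot-time “should the debug port be enabled?” decision and a single well-timed fault. The one fact taken from the nRF52 documentation is that the value 0xFF in the APPROTECT configuration word means “protection disabled”; the register stand-in, the fault model (one glitch corrupts exactly one read of the word) and all function names are assumptions made for illustration. The naive check takes one read and one comparison, so a glitch landing on that read unlocks the port; a glitch landing on any other read does nothing, which mirrors the “right amount of tampering at the wrong time” point in the text. The hardened variant defaults to locked and only unlocks when several independent reads agree, so one fault is not enough.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed model of a debug-port lock decision. On the nRF52 family the
 * value 0xFF in the APPROTECT configuration word means "protection disabled";
 * any other value means "enabled". Everything else here (the register stand-in,
 * the fault model, the function names) is an assumption for illustration,
 * not Nordic's or Apple's code. */
#define APPROTECT_DISABLED_VALUE 0xFFu

/* Stand-in for the persistent configuration word: a protected device. */
static uint8_t g_approtect_word = 0x00u;

/* Fault model: a single well-timed glitch makes exactly one read of the
 * configuration word return all-ones (the "unprotected" value). */
static int g_glitched_read = -1;  /* index of the read to corrupt, -1 = none */
static int g_read_index = 0;

/* Arm (or disarm with -1) a glitch on the nth read of the config word. */
void arm_glitch(int nth_read)
{
    g_glitched_read = nth_read;
    g_read_index = 0;
}

static uint8_t read_approtect_word(void)
{
    uint8_t v = g_approtect_word;
    if (g_read_index == g_glitched_read) {
        v = APPROTECT_DISABLED_VALUE;  /* the glitch "blanks out" the lock */
    }
    g_read_index++;
    return v;
}

/* Naive lock logic: one read, one comparison. A glitch on that single read
 * flips the decision and the debug port comes up enabled. */
bool debug_port_enabled_naive(void)
{
    return read_approtect_word() == APPROTECT_DISABLED_VALUE;
}

/* Hardened lock logic: the port is only enabled if several independent
 * reads all agree on the unlock value; the default outcome is "locked".
 * A single glitch corrupts at most one of these reads, so the port stays
 * locked unless every read is faulted. */
bool debug_port_enabled_hardened(void)
{
    const int required = 4;
    int agree = 0;

    for (int i = 0; i < required; i++) {
        if (read_approtect_word() == APPROTECT_DISABLED_VALUE) {
            agree++;
        }
    }
    /* Compare against the exact count rather than "agree > 0" so a partial
     * fault cannot satisfy the check. */
    if (agree != required) {
        return false;
    }
    return true;
}

int main(void)
{
    arm_glitch(-1);
    printf("no glitch:            naive=%d hardened=%d\n",
           debug_port_enabled_naive(), debug_port_enabled_hardened());

    arm_glitch(0);
    printf("glitch on first read: naive=%d\n", debug_port_enabled_naive());
    arm_glitch(0);
    printf("glitch on first read: hardened=%d\n", debug_port_enabled_hardened());
    return 0;
}
```

The redundancy shown here is a software principle for any boot-time security decision that firmware itself controls. Where the lock is applied by hardware as the chip powers up, firmware cannot retrofit it, and the only real fix is in the silicon; the model simply shows why a decision that hinges on one read at one instant is exactly what a microsecond glitch is good at flipping.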