The loss prevention tag “AirTag” announced by Apple in April could be used for phishing scams. “Krebs on Security,” run by security journalist Brian Krebs, warned on September 28 (local time).
If AirTag is set to “lost mode”, a unique URL for https://found.apple.com will be generated and you own the AirTag there. Allows a person to enter a contact’s phone number or email address.
Krebs warns that this feature could be used to redirect “Good Samaritan” to iCloud phishing pages or other malicious websites. bottom. (A good Samaritan is the Samaritan who helped a lost traveler in the Gospel of Luke 10: 25-37.)
) For example, if a person who finds an AirTag of a lost item scans the AirTag, it will be automatically transferred to the URL.
However, since it is possible to enter any code other than the phone number and email address in the lost mode, for example, the person who scanned the AirTag You may be redirected to a fake iCloud login page or another malicious site.
It’s possible that something other than your phone number or email address is entered on found.apple.com
Security consultant Bobby Rauff explained the issue to Krebs on Security. Rauff reported the issue to Apple on June 20, but Apple hasn’t addressed the issue yet. He told Krebs on Security that he had given him 90 days to open the issue to the public.
“I can’t remember other cases where these low-cost small tracking devices could be weaponized” (Rauf)
The price of one AirTag is $ 29 (3800 yen in Japan).
Mr. Krebs introduced a scenario that actually happened in the past and abused an inexpensive USB drive. An attacker drops a malware-laden USB in the parking lot of a company he wants to hack, and employees think it’s a lost item and connect it to an office PC to break into the network. This actually happened in 2008 in a parking lot at a US Department of Defense facility.
Rauff said the issue may not be the most important issue for Apple, but it should be easy to fix. Apple hasn’t responded to Krebs on Security’s request for comment.
Copyright © ITmedia, Inc. All Rights Reserved.
Note: This article have been indexed to our site. We do not claim ownership or copyright of any of the content above. To see the article at original source
Click Here
Aqua Original 4-in-1 Monterey Hammock Pool Float & Water Hammock – Multi-Purpose, Inflatable Pool Floats for Adults – Patented Thick, Non-Stick PVC Material
$16.99 (as of July 4, 2024 21:15 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
SAMSUNG Galaxy S24 Ultra 5G Factory Unlocked 256GB - Titanium Black (Renewed)
$949.99 (as of July 4, 2024 21:15 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Hearth and Homestead: Handmade "Blue Outback" Australian Whipped Tallow Balm with Emu, Jojoba, Sandalwood, and Blue Cypress - 1.3 oz -
$47.00 (as of July 4, 2024 21:17 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Apple AirPods (2nd Generation) Wireless Ear Buds, Bluetooth Headphones with Lightning Charging Case Included, Over 24 Hours of Battery Life, Effortless Setup for iPhone
$74.34 (as of July 4, 2024 21:15 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
