The loss prevention tag “AirTag” announced by Apple in April could be used for phishing scams. “Krebs on Security,” run by security journalist Brian Krebs, warned on September 28 (local time).
If AirTag is set to “lost mode”, a unique URL for https://found.apple.com will be generated and you own the AirTag there. Allows a person to enter a contact’s phone number or email address.
Krebs warns that this feature could be used to redirect “Good Samaritan” to iCloud phishing pages or other malicious websites. bottom. (A good Samaritan is the Samaritan who helped a lost traveler in the Gospel of Luke 10: 25-37.)
) For example, if a person who finds an AirTag of a lost item scans the AirTag, it will be automatically transferred to the URL.
However, since it is possible to enter any code other than the phone number and email address in the lost mode, for example, the person who scanned the AirTag You may be redirected to a fake iCloud login page or another malicious site.
It’s possible that something other than your phone number or email address is entered on found.apple.com
Security consultant Bobby Rauff explained the issue to Krebs on Security. Rauff reported the issue to Apple on June 20, but Apple hasn’t addressed the issue yet. He told Krebs on Security that he had given him 90 days to open the issue to the public.
“I can’t remember other cases where these low-cost small tracking devices could be weaponized” (Rauf)
The price of one AirTag is $ 29 (3800 yen in Japan).
Mr. Krebs introduced a scenario that actually happened in the past and abused an inexpensive USB drive. An attacker drops a malware-laden USB in the parking lot of a company he wants to hack, and employees think it’s a lost item and connect it to an office PC to break into the network. This actually happened in 2008 in a parking lot at a US Department of Defense facility.
Rauff said the issue may not be the most important issue for Apple, but it should be easy to fix. Apple hasn’t responded to Krebs on Security’s request for comment.
Copyright © ITmedia, Inc. All Rights Reserved.
Note: This article have been indexed to our site. We do not claim ownership or copyright of any of the content above. To see the article at original source
Click Here
FeatWell Car Aromatherapy/Fragrance car Air fresheners/Humidifier Essential Oil Diffuser for Vehicle (Black)
$22.99 (as of July 2, 2024 21:15 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
SOLIPECT 9PC Bitcoin Coin | Physical Bitcoin with Protective Case, Gold Plated Bitcoin for Commemoration, Gifts for Men (Gold)
$9.99 (as of July 2, 2024 21:15 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Carson MicroBrite Plus 60x-120x LED Lighted Pocket Microscope, Portable Handheld Microscope STEM Toy, Mini…
$5.49 (as of July 2, 2024 21:16 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
Rain Chime Drum - Rain Drum for Outside Garden, Steel Tongue Drum Rain Chime, 8 Note 6 Inch Chakra Drum for Rain, Waterproof Musical Rain Drum for Garden, Enjoy the Rain Symphony (Stone)
$16.99 (as of July 2, 2024 21:15 GMT +00:00 - More infoProduct prices and availability are accurate as of the date/time indicated and are subject to change. Any price and availability information displayed on [relevant Amazon Site(s), as applicable] at the time of purchase will apply to the purchase of this product.)
