The "AirTag" item tracker that Apple announced in April could be abused for phishing, security journalist Brian Krebs warned on his site "Krebs on Security" on September 28 (local time).
When an AirTag is put into "lost mode", a unique URL under https://found.apple.com is generated, and the AirTag's owner can enter a contact phone number or email address there.
Krebs warns that this feature could be used to redirect a "Good Samaritan" to an iCloud phishing page or another malicious website. (The Good Samaritan is the Samaritan who helped a traveler in need in the Gospel of Luke 10:25-37.) For example, when someone who finds an AirTag attached to a lost item scans it, their phone is automatically taken to that URL.
However, because lost mode accepts arbitrary content in the contact field, not just a phone number or email address, the person who scanned the AirTag may instead be redirected to a fake iCloud login page or another malicious site.
It’s possible that something other than your phone number or email address is entered on found.apple.com
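The flaw described above is a classic input-handling problem: a field meant to hold only a phone number or email address is accepted and rendered without restriction. The following is an added example written for this article, not Apple's code and not the actual found.apple.com implementation, showing a hypothetical server-side handler in two forms: a naive one that interpolates the owner's contact field straight into the page, and a hardened one that only accepts values that actually look like a phone number or email address and HTML-escapes them on output. The regular expressions and sample inputs are constructed for illustration.

```python
import html
import re

# Hypothetical handling of a lost-mode contact field (constructed example,
# not the real found.apple.com code).

PHONE_RE = re.compile(r"^\+?[0-9]{7,15}$")  # digits only, optional leading "+"
EMAIL_RE = re.compile(r"^[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$")


def classify_contact(value: str):
    """Return 'phone', 'email', or None when the value is neither."""
    v = value.strip()
    if PHONE_RE.fullmatch(v):
        return "phone"
    if EMAIL_RE.fullmatch(v):
        return "email"
    return None


def render_notice_naive(contact: str) -> str:
    """The weak form: whatever the owner typed lands in the page as markup."""
    return f"<p>This item is lost. Contact the owner: {contact}</p>"


def render_notice_hardened(contact: str) -> str:
    """The corrected form: reject anything that is not a phone number or
    email address, and HTML-escape the accepted value so it can never be
    interpreted as markup even if the validation is later loosened."""
    if classify_contact(contact) is None:
        raise ValueError("contact field must be a phone number or email address")
    safe = html.escape(contact.strip(), quote=True)
    return f'<p>This item is lost. Contact the owner: <span class="contact">{safe}</span></p>'


# Constructed inputs: two legitimate contacts and one that smuggles in a link.
GOOD_PHONE = "+14155550100"
GOOD_EMAIL = "owner@example.com"
BAD_MARKUP = '<a href="https://phish.example/login">call me</a>'

if __name__ == "__main__":
    print("naive   :", render_notice_naive(BAD_MARKUP))
    print("hardened:", render_notice_hardened(GOOD_PHONE))
    try:
        render_notice_hardened(BAD_MARKUP)
    except ValueError as err:
        print("hardened rejected markup:", err)
```

The naive renderer reproduces the markup verbatim, which is exactly the behaviour that lets a finder be sent somewhere other than the owner's contact details; the hardened renderer fails closed on anything that does not match the two allowed shapes and escapes what it does accept.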
Security consultant Bobby Rauch explained the issue to Krebs on Security. Rauch reported it to Apple on June 20, but Apple has not yet addressed it. He told Krebs on Security that he had given Apple 90 days before disclosing the issue publicly.
"I can't remember other cases where these low-cost small tracking devices could be weaponized." (Rauch)
The price of one AirTag is $ 29 (3800 yen in Japan).
Krebs cited a past incident in which inexpensive USB drives were abused in the same way: an attacker drops malware-laden USB drives in the parking lot of the company they want to break into, and employees, assuming the drives are lost property, plug them into office PCs, giving the attacker a way into the network. This actually happened in 2008 in a parking lot at a US Department of Defense facility.
Rauch said the issue may not be the highest priority for Apple, but it should be easy to fix. Apple has not responded to Krebs on Security's request for comment.
Copyright © ITmedia, Inc. All Rights Reserved.