Date: 2023-08-16

Attendees at Def Con, one of the world’s largest hacking conferences, experienced a baffling occurrence when their iPhones started displaying pop-up messages urging them to connect their Apple ID or share a password with a nearby Apple TV. It was later revealed that these alerts were part of a research project with two goals.

Firstly, the project aimed to remind people that to turn off Bluetooth on an iPhone, they must go to the Settings app rather than simply toggle it off in the Control Center, which is accessed by swiping down from the top right corner.

Secondly, the researchers wanted to inject a bit of humor into the conference. Jae Bochs, the security researcher behind the project, carried around a custom-made device triggering these pop-ups as they walked around the conference. Bochs used a contraption consisting of a Raspberry Pi Zero 2 W, two antennas, a Linux-compatible Bluetooth adapter, and a portable battery, estimating its cost to be around $70. The range of this device was about 50 feet or 15 meters.

The experiment focused on exploiting Apple’s Bluetooth Low Energy (BLE) protocols, which enable communication between Apple devices. Bochs created a proof-of-concept by mimicking the advertisement packet emitted by Apple devices and triggering proximity actions on iPhones. These prompts appear when Apple devices are in close proximity to each other. The contraption was not designed to collect any data from nearby iPhones, but theoretically, it could have harvested information if the user interacted with the prompts.

There have been previous reports of flaws in Apple’s Bluetooth protocol that can leak device and behavioral data to nearby listeners. However, Bochs believes that Apple is aware of these issues and leaves the vulnerabilities in place to ensure compatibility with Bluetooth-enabled devices.

To protect oneself from devices like Bochs’ contraption, it is recommended to disable Bluetooth in the iPhone settings as opposed to using the Control Center toggle. Apple has not responded to requests for comment.