Sharing which password? If it can only spoof an Apple TV pairing, that doesn’t sound that scary. The tv pairing doesn’t use your Apple ID password — it uses a unique code you set up on the device.
Yeah. The device isn’t capable of collecting passwords. The guy is only claiming it could.
The article’s author has no business covering this event. They sound like an easy social engineering target.
Its not just an Apple TV pairing. The issue is that you can just push out Bluetooth advertisement packets and the phone will automatically prompt the user to connect. What I didn’t find in the article is the structure of those advertisements. It seems to imply that you can send arbitrary messages with that connection request that will show on the victim side. The message could say things like, “Enter your password to connect to headphone” or something like that.
Users are notoriously bad for giving away passwords if you simply ask for them.
