• @reddig33
    link
    English
    61 year ago

    Sharing which password? If it can only spoof an Apple TV pairing, that doesn’t sound that scary. The tv pairing doesn’t use your Apple ID password — it uses a unique code you set up on the device.

    • @Clent
      link
      English
      31 year ago

      Yeah. The device isn’t capable of collecting passwords. The guy is only claiming it could.

      The article’s author has no business covering this event. They sound like an easy social engineering target.

    • @[email protected]
      link
      fedilink
      11 year ago

      Its not just an Apple TV pairing. The issue is that you can just push out Bluetooth advertisement packets and the phone will automatically prompt the user to connect. What I didn’t find in the article is the structure of those advertisements. It seems to imply that you can send arbitrary messages with that connection request that will show on the victim side. The message could say things like, “Enter your password to connect to headphone” or something like that.

      Users are notoriously bad for giving away passwords if you simply ask for them.