This is another example of very specific situations in INFOSEC. It’s unlikely that you will become a victim to this key logger attack. And of course the title suggests that Apple’s Find My network is compromised. This is not the case. But it is being utilized, in this instance, against Apple’s rules and regulations.
The real hack here is that the victim had their keyboard modified or was given a compromised keyboard that broadcasts Bluetooth signals that are then picked up on the Find My network. It could be transmitted via Cellular, Bluetooth, WiFi, audible sound, monitoring energy differentials, etc. It’s the HMI hardware that’s been compromised. Apple will likely develop updates to their Find My network, but the compromised keyboard could then be modified to use some other service or broadcast methods. Apple fixing the Find My network to recognize bad actors will not prevent this style of attack.
The potential to abuse Find My to transmit arbitrary data besides just device location was first discovered by Positive Security researchers Fabian Bräunlein and his team over two years ago, but apparently, Apple addressed this problem.
Not with Apple’s network anymore apparently. But if you read the original PoC from 2021 they said Amazon’s Echo devices have the same potential.
Ultimately, even the researchers have indicated the slow and unreliable nature of the attack (which now no longer works).
Small complication: public key validity. Having implemented both the sending and receiving side, I performed a first test by broadcasting and trying to receive a 32 bit value. After a few minutes, I could retrieve 23 out of the 32 bits, each one being unambiguous and with ~100 location reports, but no reports for the remaining 9 bits.
Bob Goldberg, chief executive officer of the National Association of Realtors, the nation’s largest trade association, is stepping down, the organization announced Thursday.
This is why they’ve been running nonstop ads about their “code of ethics” and how they help the community. The ads have been run practically on loop for several weeks in English and Spanish. At first I was just like, what a joke, tell that to 2007. But then it was just getting weird how often the ads would play…now I know why. They must have known this was coming to light.
It’s a really nice mouse, sleek, super portable, and I never use mine.
I have the trackpad (general productivity, day to day use), a Logitech MX Anywhere 3S (engineering drawings and other editing that flows better with a mouse), and the MX Master 3 (all of the above, best productivity mouse I’ve ever used).
My preferred mouse is the MX Master which stays at the home office and flips between devices. The trackpad stays at my work office, and the MX Anywhere travels with me. The Magic Mouse simply doesn’t have enough utility for anything I’m doing.
Maybe Russia got Iran to get Hamas to attack Israel knowing that Israel would go full scale, knowing that the USA is all in on Israeli support, thus reducing their aid to Ukraine?
I accidentally picked too large a cup size and realized I have no idea how to stop the brew. I remember this happening once at an office Keurig and we just opened the lid making a hot mess everywhere. Is there really no way of emergency stopping the brew?
Apple has acknowledged user complaints that iPhone 15 and 15 Pro phones are overheating, reports Forbes, but said that contrary to speculation, it has nothing to do with the phone’s hardware design. Forbes noted an update to Instagram has already rolled out with version 302, released September 27th, to address some of the...
I actually had this great usb a to usb c from a JBL speaker that uses the usb a reversible standard. This was perfect to replace the lightning usb a I was using in my car for CarPlay.
When police arrived at his house to investigate a hit-and-run, Joseph Ruddy, one of the nation’s most prolific federal narcotics prosecutors, looked so drunk he could barely stand up straight, leaning on the tailgate of his pickup to keep his balance....
Lemmy.world is temporarily disabling open signups and moving to an application-required signup process, due to ongoing issues with malicious bot accounts....
In many parts of Europe, it’s common for workers to take off weeks at a time, especially during the summer. Envious Americans say it’s time for the U.S. to follow suit....
This is from the Keurig app I use for my WiFi model coffee maker. The concept is cool but the app sucks and ultimately doesn’t work well. Just thought this was funny and indicative of the lack of thought in their execution.
Atlanta-area prosecutors investigating efforts to overturn the 2020 election results in Georgia are in possession of text messages and emails directly connecting members of Donald Trump’s legal team to the early January 2021 voting system breach in Coffee County, sources tell CNN.
It’s so fucking strange too. It’s like they bought this new TV and they’ll be damned if they’re going to be told it doesn’t work as well as advertised. I would think we could all unite about this, and we could show the world that not even the president can evade justice. But instead they’re still selling him hard.
Republicans: {smacks Donald’s ass} “This baby here can fuck up at least 10 democracies.”
Title says most of it. Spin electric scooters exited the Seattle market and abandoned their scooters all over the city and apparently they have a pi 4 in them!
Milk Rule (lemmy.blahaj.zone)
Hey Buddy (feddit.de)
DOJ announces arrests in ‘high-end brothel network’ used by elected officials, military officers and others (www.cnn.com)
Apple 'Find My' network can be abused to steal keylogged passwords (www.bleepingcomputer.com)
National Association of Realtors CEO steps down, days after the trade group was found liable for conspiracy to inflate rates (www.cnn.com)
Apple’s keyboard, trackpad, and mouse still have Lightning ports (www.theverge.com)
Infrared aurora on Uranus confirmed for the 1st time (www.space.com)
The Keck II telescope in Hawaii is the first to see the infrared glow on Uranus, caused by hydrogen molecules in the atmosphere becoming excited.
Yes, I'm using a ThinkPad as my mouse pad, DONT JUDGE ME. (lemmy.world)
pop r(ule)ocks (lemmy.blahaj.zone)
A meme for math people (lemmy.world)
The correct civilians to slaughter (sh.itjust.works)
How do you stop a Keurig mid-brew if you choose the wrong size?
Apple blames iOS 17 bugs and apps like Instagram for making iPhone 15s run hot (www.theverge.com)
My new ssd didn't fit so i fixed it. (lemmy.world)
Russians struck a closed hotel in Odesa, claiming it was the "headquarters" of the Ukrainian Navy (streamable.com)
Photos: imgur.com/a/gEdrGmU
18+ Hello (discuss.tchncs.de)
Nice Day Outside with My Kids (lemmy.world)
First impressions of USB-C on iPhone 15
Now that we see the iPhone 15 with the new usb-c port, what’s your first impression?...
Family sues Google after Maps allegedly directed father off collapsed bridge (www.theguardian.com)
Tech company faces negligence lawsuit after Philip Paxson died from driving off a North Carolina bridge destroyed years ago...
Apple event as a consumer vs. investor (lemmy.world)
🥱 ➡️ 🤑
Body cam shows prolific federal drug prosecutor offering cops business card in DUI crash arrest (apnews.com)
FIGHT! FIGHT! FIGHT! (i.imgur.com)
Temporary Changes to our Sign-Up Policy
66% of Americans want European-style vacation policies, like being OOO for the entire month of August (www.cnbc.com)
Jan. 6 Rally Organizer Created Her Own Mugshot Because She Felt Left Out (www.vice.com)
Europe’s sweeping rules for tech giants are about to kick in. Here’s how they work (english.elpais.com)
Do as i say, not as i do
https://lemmy.world/pictrs/image/af2718fb-a639-4211-8edc-34a0195fb430.jpeg...
Firefox on Fire These Days (i.imgur.com)
Georgia prosecutors have messages showing Trump's team is behind voting system breach (www.cnn.com)
Music labels sue Internet Archive over digitized record collection (www.reuters.com)
Raspberry pi 4 inside abandoned scooters (www.tomshardware.com)
From the evening of Aug 5th to the morning of Aug 6th, 2023, the Russian occupiers launched a massive missile attack on the territory of Ukraine. 30 cruise missiles and 27 strike drones destroyed. (sopuli.xyz)
Translated from source: t.me/kpszsu...
siege on young tr(ul)ebber
https://ttrpg.network/pictrs/image/25297331-851d-4713-939f-9a59c5d79930.jpeg
Fruity trojan downloader performs multi-stage infection of Windows computers, masquerading as apps for fine-tuning CPUs, graphic cards, and BIOS, for hardware-monitoring, and others. (news.drweb.com)
Summary...
Zing (lemmy.world)