A few days ago, iPhones of visitors to a hacker conference in Las Vegas (USA) continuously received requests to connect to a virtual Apple TV.
It turns out that the “Apple TV” that was trying to sync with those iPhones was a homemade Bluetooth device that cost only about $70.
The perpetrator of this prank, hacker Jae Bochs, explained his idea, which was to draw attention to a serious vulnerability that he hopes Apple will quickly fix:
"If the user (iPhone) interacts with the request and if the other end is set up to respond in a convincing manner, I think the device could get the target to reveal various passwords."
A conference attendee's warning about a strange Apple TV.
Mr. Bochs also said that the device was built with components worth a total of $70, including a Raspberry Pi Zero 2W computer, two antennas, a battery and a Linux-compatible Bluetooth chip.
At the core of the hack was the lax security of BLE (Bluetooth Low Energy), the feature that allows Apple devices to connect to each other via Bluetooth.
According to Mr. Bochs, until the above vulnerability is completely fixed, users of iPhones and other Apple products should not put too much trust in Control Center on their devices.
The $70 device (left) can connect like an Apple TV to an iPhone (right).
Specifically, to completely turn off Bluetooth on an iPhone, iPad or MacBook, Apple users cannot rely on the seemingly convenient toggle button in Control Center, but should instead turn it off in Settings.
Turning Bluetooth off in Settings actually prevents their devices from interacting with other nearby Bluetooth devices, such as hackers' fake Apple devices.