Report: the lost mode of Apple's lost item tracker 'AirTag' can be exploited for phishing attacks



Experts have pointed out that the lost mode of the lost item tracker 'AirTag', released by Apple in April 2021, can be exploited to lead the 'Good Samaritan' who picks up an AirTag to a malicious website.

Apple AirTag Bug Enables 'Good Samaritan' Attack – Krebs on Security
https://krebsonsecurity.com/2021/09/apple-airtag-bug-enables-good-samaritan-attack/



'AirTag' is a gadget that, when attached to an item, helps you find out where the item is if it gets lost.

I tried using Apple's 'AirTag', which helps you find lost items by making sounds and pointing directions - GIGAZINE



It makes a sound when it is nearby and shows its location on a map. For cases where it has been dropped too far away, there is a 'lost mode' that conveys the owner's contact information or a message to the person who finds the AirTag.

What has been pointed out this time is an attack that exploits this 'lost mode'. Because arbitrary code can be inserted into the field where the AirTag owner's phone number is set, attacks such as making the finder access a fake iCloud login page are possible.
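One way a service could handle the phone-number field described above, shown as an added example that is not Apple's code and not part of the original article. The function names, the record shape and the length limits are assumptions; the sample records are constructed.

```javascript
// Added example (not Apple's code): hypothetical handling of the lost-mode
// contact fields. Names, record shape and length limits are assumptions.
const HTML_ESCAPES = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };

// Output encoding: applied to every owner-supplied value before it reaches HTML.
function escapeHtml(text) {
  return String(text).replace(/[&<>"']/g, (c) => HTML_ESCAPES[c]);
}

// Input validation: allow only an optional leading "+", digits and common
// separators, then reduce to digits. Anything else (markup included) is rejected.
function normalizePhone(input) {
  if (typeof input !== "string" || input.length > 32) return null;
  const trimmed = input.trim();
  if (!/^\+?[0-9 ().-]+$/.test(trimmed)) return null;
  const digits = trimmed.replace(/[^0-9]/g, "");
  if (digits.length < 7 || digits.length > 15) return null; // 15 = E.164 maximum
  return (trimmed.startsWith("+") ? "+" : "") + digits;
}

// Render the page shown to a finder. The phone number is re-validated at render
// time so a value stored before validation existed cannot reach the page.
function renderFoundPage(record) {
  const phone = normalizePhone(record.phone);
  const contact = phone === null
    ? "<p>No valid contact number on file.</p>"
    : `<p>Call <a href="tel:${escapeHtml(phone)}">${escapeHtml(phone)}</a></p>`;
  return `<h1>This item is lost</h1>${contact}<p>${escapeHtml(record.message)}</p>`;
}

// Constructed sample records (not real data).
const benign = { phone: "+1 (555) 010-0199", message: "Please call, thank you & sorry!" };
const hostile = { phone: "5550100199<script>/* constructed */</script>", message: "<b>hi</b>" };

console.log(renderFoundPage(benign));
console.log(renderFoundPage(hostile));
```

Validation rejects the hostile phone value outright, and the free-text message, which cannot be allowlisted the same way, is neutralized by encoding at output.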

Security consultant Bobby Rauch noticed the bug. He contacted Apple on June 20, 2021, but was only told that the matter was 'under investigation', and it was not until September 23 that he finally received the reply 'We will address it in a future update'.

In addition, there is a program that pays a reward of up to 1 million dollars (about 111 million yen) to those who find this kind of bug, but Mr. Rauch did not receive a reply from Apple acknowledging the bug in this case, and there was no mention of whether the report would be eligible for the bounty program.

Apple has not commented on this matter.

in Hardware, Security, Posted by logc_nt