TechCrunch’s Lorenzo Franceschi-Bicchierai has more on Jae Bochs, the hacker at DefCon who was able to spoof the iOS password sharing prompt on iPhones. Turns out they used a $70 device to spoof Bluetooth Low Energy packets — and since the Control Center toggle for WiFi and Bluetooth doesn’t actually turn those radios off, the signals were able to get through.
Bochs also said they created a proof-of-concept that “builds a custom advertisement packet that mimics what Apple TV etc. are constantly emitting at low power,” effectively spoofing an Apple device that tries to repeatedly connect to nearby devices and triggers the pop-ups. [...]
Unlike real Apple devices, his contraption wasn’t programmed to collect any data from nearby iPhones, even if the person tapped and accepted the prompts. But, in theory, they could have collected some data, according to Bochs.
