hngopher.com

       [HN Gopher] Breaking the Mirror - A Look at Apple's New iPhone R...
       ___________________________________________________________________
        
       Breaking the Mirror - A Look at Apple's New iPhone Remote Control
       Feature [video]
        
       Author : doener
       Score  : 87 points
       Date   : 2024-12-27 21:12 UTC (1 days ago)
        
 (HTM) web link (media.ccc.de)
 (TXT) w3m dump (media.ccc.de)
        
       | hrtk wrote:
       | 1. Siri treating it as unlocked on device
       | 
       | 2. setup shortcuts with a timer to access mic when disconnected
       | from a Mac.
       | 
       | 3. add BT/Wifi devices when connected to Mac (aka persistence by
       | author).
       | 
       | 4. stolen device protection bypass given you have Mac signed in
       | with same Apple ID.
        
       | gigamike wrote:
       | I'm sorry what? This is by far the least useful feature of
       | Seqoia, it requires you to authenticate on the phone and Mac each
       | and every time you try and use it. If my phone is in my bedroom
       | and I want to check on my Anker battery charging status, I have
       | to get up, put my pin in my iPhpone (16 Plus) and then
       | fingerprint auth on my Mac (mini4 Max). Even if you select auto-
       | auth, you stil have to authenticate each and every time you use
       | the feature. If I have to auth on my phone, why not just save
       | time and use that device for the info I need?
        
         | _rs wrote:
         | I don't have to auth on my phone every time. I suspect maybe I
         | do for the first time I use this feature for that _boot_ of my
         | phone, but I haven't confirmed that yet. This would be useless
         | if you had to auth on the phone every single usage
        
         | kalleboo wrote:
         | I use this feature all the time, and never have to auth on my
         | phone... Do you have some higher security setting than default,
         | like requiring passcode and not allowing biometric unlock?
        
         | damvigilante wrote:
         | That is absolutely not the case. On phone restart I need to
         | reauth, but that's about it.
        
         | kbos87 wrote:
         | Being able to access iPhone apps I use continuously during the
         | day without having to pick up the device makes this feature
         | hugely useful to me. I only get asked to auth on my iPhone once
         | every few days, if that.
        
       | pxeger1 wrote:
       | I use this feature a lot. I noticed a month or two ago that it
       | started requiring way more authentication than it did at release,
       | and then it went back to normal a few weeks later. I wonder if
       | that was while they were fixing whatever vulnerabilities this
       | research might have discovered
        
       | aucisson_masque wrote:
       | Interesting presentation, I wish it would have gone deeper on the
       | mechanism that allows a Mac to connect to an iphone.
       | 
       | This is probably much more complex and time consuming than what
       | was done here but it also brings a whole new level to the
       | tracking on iphone.
       | 
       | I could very well see the NSO Group and other pegasus spyware
       | maker abuse it to access iphone, maybe more in situation where
       | you get close to the victim like border checks, police patrols
       | and so on.
        
       | hk1337 wrote:
       | I thought this was going to be about the remote app you can use
       | to control the Apple TV. I noticed over Christmas it had channel
       | up/down arrows for switching channels.
        
       ___________________________________________________________________
       (page generated 2024-12-28 23:02 UTC)