__veronica__ Profile picture
Nov 3, 2022 9 tweets 6 min read Read on X
Now at @ekoparty, researcher @Netxing presenting on the misuse of apple airtags with project Amini. #EKO2022 #privacy #vigilancia
Apple airtags are small, low cost, and have three different technologies that allow for very precise location tracking. #EKO2022
Unfortunately #airtags are used for tracking people without their consent; mostly to track women. They can fit in many places, specially fitting well under vehicles.
Many attackers are selling fake airtags without the sound.. and more expensive. #EKO2022
Airtags have three technologies: NFC, bluetooth and ultra wide band. NFC is to register the device,
BLE is to locate through other apple devices, and ultra wide band is to have precise location. #EKO2022
AirTags constantly send advertising packets. What do they send on these packets? Apple device id, the type of apple service, and a public key used to identify the owner of the device. #EKO2022
Project Amini allows to find airtags. Even airtags thay are not enabled. We can use tools to spoof the airtag and make the potential attacker believe the airtag is at a different location. With HCI tools in Linux and with @flipper_zero #EKO2022
Using @flipper_zero to spoof airtags! Crazy. #EKO2022
Although AirTags are the most popular, the problem also applies to other technologies such as Tile and others. #byelection2022

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with __veronica__

__veronica__ Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @verovaleros

Nov 2, 2022
Now starting @juanandres_gs at @ekoparty on cyber espionage in #latam. Studying espionage is very interesting: involves knowing the context, the culture, the economic factors. But, how much there really is? #ekoparty
We know hundreds of groups. Not all state-sponsored. The reality is that is not much on how much we know, but how much are we actually looking for. In Latin America we are not looking hard enough. We cannot longer say nothing is happening in #latam. #ekoparty
We are no looking hard enough in many regions. And there’s activity originating in some regions that are being ignored.
Read 8 tweets
Oct 9, 2020
Friday night, playing again with #honeypots <3 Image
The installation was very smooth, and the end result is neat. Don't try to run this with 4GB of memory, because is not gonna work. T-Pot requires at least 8GB (note to self: rtfm). Image
The number of attacks received always impresses me. Less than 45 minutes minutes after installation and the numbers are staggering.
👉🏿5,030 Dionaea attacks
👉🏿1,375 Cowrie attacks
Read 24 tweets
Jun 3, 2020
How does the traffic of Flexnet looks like? The sample shared below is available on @apklabio along with a nice pcap capture 👉🏿 apklab.io/apk.html?hash=…
From Wireshark Protocol Hierarchy Statistics we can see that most of the traffic is TCP on IPv4. Few UDP. A nice amount of packets.
Next step for me is always look at the conversations. I want to get a feeling of how many things do we need to check and verify. In this case there are only 12 IPs to check (1 IP is local). Easy to discard a few things here knowing this is an Android phone.
Read 20 tweets
Oct 2, 2019
Now on the Green Room at #VB2019, @eldracote @anshirokova will present "Geost botnet. The discovery story of a new Android banking trojan from an OpSec error", a work also done with @MaryJo_E !
The Geost botnet was found by investigating the traffic of a different botnet: #htbot also known as proxyback. This htbot botnet offers a proxy service for users in the underground.
The Geost operators were using htbot to access the command and control servers from Geost (thinking they were hiding themselves).
Read 10 tweets

Did Thread Reader help you today?

Support us! We are indie developers!


This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Follow Us!

:(