U-Vratislav Holub I-AirTag smart locator ayikaze ibe semakethe amasonto amabili futhi isivele igqekeziwe. Lokhu kunakekelwe uchwepheshe wezokuphepha waseJalimane uThomas Roth, ohamba ngesiteketiso u-Stack Smashing, okwazile ukungena ngqo kusilawuli esincane futhi ngemuva kwalokho aguqule i-firmware yayo. Uchwepheshe wazisa ngakho konke ngokuthunyelwe ku-Twitter. Kwaba ukungena ku-microcontroller okwamvumela ukuthi ashintshe ikheli le-URL lapho i-AirTag isuke ibhekisela kumodi yokulahlekelwa.
Yebo!!! Ngemva kwamahora amaningi ngizama (kanye nokwenza izitini ama-AirTag angu-2) ngikwazile ukungena ku-microcontroller ye-AirTag! 🥳🥳🥳
/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
- stacksmashing (@ghidraninja) Kwangathi 8, 2021
Ngokusebenza, isebenza ukuze uma lowo othola indawo esesimweni sokulahlekelwa, othile athole futhi abeke ku-iPhone yakhe (ukuxhumana nge-NFC), ifoni izobanikeza ukuvula iwebhusayithi. Lena yindlela umkhiqizo osebenza ngayo ngokujwayelekile, lapho ubhekisela olwazini olufakwe umnikazi wangempela. Noma kunjalo, lolu shintsho luvumela izigebengu ze-inthanethi ukuthi zikhethe noma iyiphi i-URL. Umsebenzisi ozothola kamuva i-AirTag angafinyelela noma iyiphi iwebhusayithi. U-Roth uphinde wabelane ngevidiyo emfushane ku-Twitter (bheka ngezansi) ebonisa umehluko phakathi kwe-AirTag evamile kanye ne-hacked. Ngesikhathi esifanayo, akumelwe sikhohlwe ukusho ukuthi ukugqekeza ku-microcontroller kuyisithiyo esikhulu ngokumelene nokuxhaphaza i-hardware yedivayisi, manje eseyenziwe noma kunjalo.
Igalari yezithombe
Yiqiniso, lokhu kungapheleli kusetshenziswe kalula futhi kungaba yingozi ezandleni ezingalungile. Izigebengu ze-inthanethi zingasebenzisa le nqubo, isibonelo, ubugebengu bokweba imininingwane ebucayi, lapho zingaheha khona idatha ebucayi evela kuzisulu. Ngasikhathi sinye, ivula umnyango wabanye asebekhulile asebengaqala ukulungisa i-AirTag. Ukuthi i-Apple izobhekana kanjani nalokhu akukacaci okwamanje. Isimo esibi kakhulu esokuthi indawo elungiswe ngale ndlela isazosebenza ngokugcwele futhi ayikwazi ukuvinjwa ukude kunethiwekhi ethi Thola My. Inketho yesibili izwakala kangcono. Ngokusho kwakhe, umdondoshiya waseCupertino angaphatha leli qiniso ngokuvuselelwa kwesoftware.
Wakhe idemo esheshayo: I-AirTag ene-NFC URL eguquliwe
(Izintambo ezisetshenziselwa amandla kuphela) pic.twitter.com/DrMIK49Tu0
- stacksmashing (@ghidraninja) Kwangathi 8, 2021
Kungaba njalo okuthakaselayo
Umuzwa nje, ibhamuza elivuthele phezulu ngokungadingekile. Lokhu akunawo umthelela omkhulu enjongweni eyinhloko ye-AirTag. Angicabangi ukuthi kufanele sikhathazeke ngokugetshengwa kwenqwaba yama-fobs ethu abalulekile nhlobo.
Futhi yini ayithola? Angiboni ukuthi kungaba kuhle kanjani kunoma ubani.
Yebo, lokho ukuphepha okudumile kwe-Apple :-(
Kimi, i-AirTag iyithuluzi elingenamsebenzi ngokuphelele! Kukhona abanye abaningi emakethe, abanemisebenzi efanayo, futhi njengebhonasi ingxenye yesithathu yenani :-)