Tag: Bluetooth

Multiple active exploits could affect iPhone use of Bluetooth.

Flipper Zero hacker tool could be used to trigger iPhone DDoS attack using Bluetooth signals by AirPods, HomeKit accessories, etc. These signals usually trigger popup on iPhone allowing to connect to headphones or perform other actions. Crafting these signals in a specific way could result in iOS restart.

Newly discovered BLUFFS attack could be used to impersonate devices and trigger disclosure of private information. It is not yet clear, if AirDrop is affected by this attack as it uses more than just Bluetooth to authenticate the device. However, it is still possible to hijack audio or other Bluetooth connection. Fix would require device manufacturers to modify security mechanisms of Bluetooth stack.

References:

• Flipper Zero can still crash iPhones running the latest version of iOS 17
• Bluetooth security flaws allow connections to be hijacked; AirDrop unlikely to be affected [U]

Apple and Google are cooperating (again!) on use of Bluetooth (again!) tracking technology. AirTags and other item trackers based on Bluetooth could be used to perform unwanted tracking.

Apple added additional safeguards to report unrecognized AirTag traveling with user. Also, app was introduced for Android users.

Now Apple and Google are working together to have unified specification to alert users of unwanted location trackers. Future versions of iOS and Android are to implement these specifications.

Apple Newsroom: Apple, Google partner on an industry specification to address unwanted tracking

IETF Datatracker: Detecting Unwanted Location Trackers

Google Play: Tracker Detect

References:

• Apple and Google Submit Spec to Industry Group Addressing Unwanted Use of Item Trackers
• Apple to Expand AirTag-Like Unwanted Tracking Alerts to Other Item Trackers in Future iOS Version
• Apple and Google team up to bring AirTag-like unwanted tracking alerts to all item trackers on iPhone and Android

Hey there! This week we have many great reads for the developers, so – buckle up!

This week we'd like to pay our respects to Ray Wenderlich and his portal. Now it has new name – Kodeco. It is still great source of useful content for developers and we'll even share couple of articles today.

• But, we'll start with great article on secure memory management from Apple Security Engineering and Architecture team – Towards the next generation of XNU memory safety: kalloc_type;
  
  
• And another great read is Apple Developer article with great usages of Dynamic Island – Spotlight on: The Dynamic Island;
  
  
• Moritz Philip Recke explores video preparation for streaming – Converting video files for HLS streaming;
  
  
• Create a Card with an Image Outside its Bounds in SwiftUI by Leonardo Maia Pugliese is a great walkthrough on SwiftUI with out-of-bounds drawing;
  
  
• Magnus Jensen shows good example of placing button for different device types – Better placements of bottom buttons in SwiftUI;
  
  
• Natalia Panferova shares two articles on different aspects of development – Fill bar marks with gradient in Swift Charts to make your bar charts nicer and good hint on app localization review – Check localizable strings with the accented pseudolanguage in Xcode;
  
  
• Great review of recent Bluetooth audio vulnerability in iOS by Guilherme Rambo – SiriSpy - iOS bug allowed apps to eavesdrop on your conversations with Siri;
  
  
• Another great SwiftUI guide – Create Custom Cell with Placeholder UI Using UIHostingConfiguration by Lee Kah Seng;
  
  
• As promised – couple of great articles on Kodeco – State Restoration in SwiftUI by Tom Elliott will help make your app more magical for users, App Shortcuts: Getting Started by Andrej Vukelic guides on making app better integrated into iOS and Building a Recommendation App With Create ML in SwiftUI Saeed Taheri focused on machine learning practical usages;
  
  
• Jordan Morgan raises important question for those who use SwiftUI – Presenting Sheets: Item, or a Boolean Binding?;
  
  
• Refactoring Swift: Best Practices to succeed by Antoine van der Lee gives good tips on refactoring;
  
  
• Two articles from Marco Eidinger – How to handle popups and alerts in WKWebView on web content navigation cases in iOS apps and good unit conversion guide with new Swift Measurement API – Convert Celsius to Fahrenheit and back in Swift.

That's a lot for this week. Have time for rest and some time to read something interesting!

Reports arise that Lufthansa is now banning AirTags in checked luggage requesting tracking devices to be turned off.

At the moment it is not known if rules are to be enforced and what airlines, which countries and airports will require removal of AirTags from luggage.

Overall, it still looks very strange having that Airplane mode on iPhone does not turn off Bluetooth.

References:

• Lufthansa says it is not banning AirTags from its flights despite tweets claiming otherwise
• AirTags in Checked Baggage

Apple releases bug fix releases – iOS and iPadOS 15.4.1, macOS 12.3.1 and watchOS 8.5.1. HomePod software is also updated to 15.4.1 version.

iOS fixes include battery drain fix, macOS Monterey now should have Bluetooth game controllers working properly.

Reference:

• Apple releases iOS 15.4.1 with battery issues fix for iPhone and iPad
• Apple Releases watchOS 8.5.1 With Security Updates and Bug Fixes
• Apple Releases HomePod 15.4.1 Software With Siri Fix
• Apple Releases iOS 15.4.1 With Fix for Battery Drain Issue
• Apple Releases macOS Monterey 12.3.1 With Bluetooth and Display Fixes
• macOS 12.3.1 fixes bug affecting game controllers and other Bluetooth devices
• Apple fixes multiple zero-day exploits with iOS 15.4.1 and macOS 12.3.1

There are couple of reports showing issues with macOS 12.2 Monterey, iOS 15.3 and watchOS 8.4.

Users report that macOS 12.2 sometimes might result in battery drain during sleep when Bluetooth connection is on.

And watchOS 8.4 with iOS 15.3 update might result in sync issues with Wallet. Some cards and passes added or removed on iPhone are not synced to Watch automatically.

Also, some reports show issues with current beta versions too. Apple warns macOS Catalina and Big Sur users with FileVault volume with possible issues trying to boot into macOS 12.3. Release notes for the beta now includes the warning.

Apple Support: Installing macOS on a separate APFS volume

Reference:

• Some macOS 12.2 Users Experiencing Bluetooth-Related Battery Drain Issue During Sleep Mode
• Apple Watch Wallet sync issues found following watchOS 8.4, iOS 15.3 update
• Apple Warns macOS Catalina Users About Installing macOS 12.3 Beta on Volume With FileVault Enabled

Apple tries to address AirTag unwanted tracking issues in updated safety document.

Both AirTag and the Find My network are designed with privacy at their core. AirTag and Find My network accessories have unique Bluetooth identifiers that change frequently. To discourage unwanted tracking, Find My notifies you if an unknown AirTag or other Find My accessory is seen moving with you over time by sending you the message, “Item Detected Near You.” (This feature is available on iPhone, iPad, or iPod touch running iOS 14.5 or iPadOS 14.5 or later). If you see this message on your device, an AirTag or other Find My accessory that has been separated from the person who registered it is traveling with you, and the owner might be able to see its location. It’s possible that the AirTag might be attached to an item you are borrowing.

Apple

Apple: Personal Safety User Guide

Apple Support: What to do if you get an alert that an AirTag or Find My network accessory is with you

Reference: Apple Explains How to Stay Safe With AirTag and More in Personal Safety Guide

Happy New Year 2022
Here is your list of interesting articles:

Bluetooth LE for modern Android Development (Part 1, 2, 3)

Erik Hellman looks at BLE and covers most of the issues and aspects which we need to address when we develop this support.

WorkManager multi-process for libraries

How Leakcanary leverages WorkManager multi-process and more.

AWS SDK for Kotlin (Developer Preview)

The SDK makes it easy to call AWS services using idiomatic Kotlin APIs. The AWS SDK for Kotlin is multi-platform with support for JVM and Android environments.

Google Cloud’s top AI blog posts from 2021

Google Cloud’s top artificial intelligence and machine learning posts from 2021.

Bonus:
List of trends for 2022

I recommend you review your favorite and main disciplines.

That's all from us, see you next week!