Oddbean new post about | logout
Elephant in the root | 3 months ago (raw) | root | parent | reply | flag 
 The attacker could pretend it's 256 devices and transmit the seed by simply sending or not sending a message. It's not that high number.
matt | 3 months ago (raw) | root | parent | reply | flag 
 My point was I’m not sure you can pretend you’re *any* devices without being an Apple device. In any case nostr:nevent1qqsqac7czr2hk05gkf0l5s59tg3tz8xyspn9ea7aqxrvg9pswev8y8spzfmhxue69uhk7enxvd5xz6tw9ec82cspz3mhxue69uhkummnw3ezummcw3ezuer9wcq3gamnwvaz7tmjv4kxz7fwv3sk6atn9e5k7qglwaehxw309ahx7um5wgkhyetvv9ujucnfw33k76tw9ehxjmn2vy728fpa
Elephant in the root | 3 months ago (raw) | root | parent | reply | flag 
 They have cheap BLE tags. If those cannot be reverse-engineered maybe you can record their beacons without the reach of any other device and then just replay them. Buying 256 tags may be worth it if the victim stores tens of millions satoshis.

I'd be really surprised if there isn't any way to sneak out 256 bits of data. Or less if the attacker wants to do some brute forcing.
matt | 3 months ago (raw) | root | parent | reply | flag +1 
 I understand the data to be signed and tied to an Apple ID. It may well also be tied to some per-device factory-sealed key. I mean you can always buy 256 real AirTags but hardware modifications are much more likely to be detected than software ones.