by kccqzy 920 days ago
I read the original article to find the narrow range of conditions. It states "iOS and macOS are vulnerable when Bluetooth is enabled and a Magic Keyboard has been paired with the phone or computer", so does this mean that if a computer has ever paired with a Magic Keyboard, it would allow itself to be paired with additional keyboards that the user did not want to pair?

As someone who has bought multiple Magic Keyboards, this definitely concerns me.


I’m sort of assuming the Magic Keyboard has to be present, but we don’t know that based on the write-up. It’s a great question though. All desktop Macs come pre-paired with a Magic Keyboard even if you never use it. So if the keyboard doesn’t have to be actively connected at the time, that would make them all vulnerable unless someone had unpaired them.

The other thing that wasn’t clear to me is whether the vulnerability exists if a Magic Keyboard isn’t in the mix. If I have never paired one to my laptop and instead I use a different brand of Bluetooth keyboard, is it still a problem?

In other words, is this Magic Keyboard-specific? I’m assuming the author had other Bluetooth keyboards. Of course, even if it is, that doesn’t mean there aren’t other vulnerabilities lurking in iOS/macOS in this area.

Alas, merely guessing, but it sounds like you can tell an Apple device "I am the Magic Keyboard you know and trust" and it will believe you.

Wouldn't that require knowing/guessing/brute-forcing a unique device identifier that's probably not available to be sniffed if the genuine keyboard in question isn't in use?

Perhaps there is a bug and the unique identifier isn't checked.

That was sort of the impression I got. It’s not that Apple is doing something unfixable, it’s that they have a bug that enables something that shouldn’t happen.

Still guessing here, but if I have a Magic Keyboard paired to my computer right now and I’m using it, is there any reason to let a second Magic Keyboard automatically pair itself?

If your Bluetooth device pretends to be the second Magic Keyboard and automatically pairs it could start injecting keystrokes. That seems like it would fit the description here.

Maybe (or maybe not) that involves pretending to be the first Magic Keyboard. Apple makes their stuff; they KNOW that no two have the same serial number (unlike some cheap stuff you can buy). But if they don’t protect against that…

Apple's "Magic Keyboard" is supposed to exchange Bluetooth keys with a macOS host over its USB/Lightning cable the first time it gets plugged in.

Perhaps default pairing is left open to allow smoother pairing with iOS/iPadOS, as pairing otherwise would have required a cable with a Lightning connector on both ends, which I don't think exists.