by jimiasty 474 days ago
You don't need the MAC address - you just need the iPhone to broadcast a specific BLE advertising packet/payload.

Using the Core Bluetooth API it is trivial, but you need to either: a) create an app that does it, and the user has to download it, or b) modify SDKs existing in apps (e.g. ad SDKs).

Also, turning an app/phone into a "BLE beacon" is only possible when the app is running in the foreground (on iOS).


Please read the original source again. You need to KNOW (or guess) its own MAC address, as it becomes part of the key.
Yes, you are correct!

Knowing the MAC makes the attack reasonable - let's say 5 hours of compute on a 3080Ti.

Not knowing the MAC makes it exponentially harder. You can still "guess" it, but the search space is vast and that would take a bazillion years.

So to attack an iOS device:
- the user has to download the app
- the app has to broadcast a fake BLE advertisement
- some other device (e.g. Android/RasPi) would need to pick up that MAC and pass it to you