Apple's MagicPairing for Bluetooth fails to enchant after mischief-making bugs found hiding in the stack

Apple's proprietary approach to securing Bluetooth peripherals, known as MagicPairing, has some benefits, but not magical enough to make vulnerabilities vanish. Researchers from TU Darmstadt in Germany examined the MagicPairing protocol and found that its three implementations – in iOS, macOS, and RTKit – contain ten disclosed …

  1. Anonymous Coward
    Facepalm

    iLaugh

    Given that "Apple's implementation of MagicPairing still has problems, though not particularly serious ones" I can't get too worked up.

    OTOH, as a name MagicPairing is as ridiculous as Genius Bar.

    And the misspelled code implies that nobody has time to check anything before the fixed in stone product release date. It's no wonder we're seeing more and more issues from these magic geniuses.

  2. Dan 55 Silver badge
    Meh

    MagicPairing adds Apple's iCloud service into the equation. It generates fresh permanent keys based on user-specific iCloud keys every session, a security improvement over permanent keys that remain unchanged. It does so, the researchers explain, using a symmetric ratcheting algorithm and authenticated encryption.

    So is that more secure or just adding a lot of unnecessary complication to the process of pairing some headphones?

    1. Lord Elpuss Silver badge

      It's primarily for convenience. Once an Apple Bluetooth device using this protocol is paired to another, it's automatically paired to every device which uses the same iCloud account. So you pair your AirPods once to your iPhone, then they are automatically paired with your Mac, iPad and any other device signed in to your iCloud account and can seamlessly switch between these without being reconnected or re-paired.

      It also in theory allows for devices to be locked to an iCloud account - so stolen AirPods or Apple Pencils could not be used on devices associated with another account without being unlocked first.

      1. Dan 55 Silver badge

        Whenever I have some BT headphones within range of more than one paired device with their BT on, it's pot luck which one they connect to.

        So forcing pairing with every Apple device you have doesn't sound like a feature I want, although I'm sure Apple have done something Magic so connecting is better too.

        1. Lord Elpuss Silver badge

          Pairing != Connecting. MagicPaired devices will connect automatically to whichever device they were last connected, and appear pre-paired in the Bluetooth menus of all other devices on the same iCloud account. They can then be connected with a single click/tap from that device, which then becomes the active connection. It's actually rather well implemented.

  3. Tim99 Silver badge
    Trollface

    So

    The misspellings are because those coders are twenty-somethings who have received the benefits of modern education systems? Some of whom could have English as a second language (although it's quite possible their spelling may be better)? The "checking" might be done by a thirty-something with a similar education who has had longer to develop bad habits?

    1. Jan 0 Silver badge

      Re: So

      Yes indeed. Just see how many commentards here use "of" when they mean "'ve".

  4. chivo243 Silver badge
    Headmaster

    20 years ago

    We were sold a VB log on script when we moved to AD. Is it Elementary or Elementry for a school? Spilleng misteaks we're rampent....

    1. Lord Elpuss Silver badge

      Re: 20 years ago

      "Is it Elementary or Elementry for a school? Spilleng misteaks we're rampent"

      That made my eyes bleed

  5. Pascal Monett Silver badge

    So, several versions of badly written code

    Code that still works, but has minor flaws in it.

    Well I don't care that they are minor flaws. When I hand over my code to the customer, if he finds some "minor flaw" in it you can bet I'm getting my sorry ass back in the saddle lickety-split and I'm correcting that flaw right damn NOW.

    Of course, the big difference is that I depend on my customer's satisfaction to get paid, whereas those three guys obviously didn't.

    1. O RLY

      Re: So, several versions of badly written code

      Is there code that is flawless? I've certainly never written it for anything but a "hello, world" script.

      1. Lord Elpuss Silver badge

        Re: So, several versions of badly written code

        Flawless code only means they haven't found any bugs. Yet.
