Hackers may have found a new way to track you, and this Apple flaw is at the center of it
Apple's Find My network. | Image Credit - Apple
Privacy and security-focused Apple is in trouble. A team of researchers at George Mason University recently found an exploit of Apple's Find My network that ominously turns any device into a little traitor stalker. The vulnerability lets malicious users silently track any Bluetooth device using Apple's Find My network.
The researchers published the news in a blog post. They have found a way to turn any device, including phones, laptops, gaming consoles into an AirTag, without the owner realizing it, and then use Find My to track the location of the device. Basically, they trick Apple's Find My network to think the device is an AirTag, that is, so it starts following it.
How Apple's Find My works is that it sends Bluetooth messages from AirTags and other compatible item trackers to nearby Apple devices. These devices then anonymously share the location of the AirTag to its owner via Apple's servers.
Yep, the AirTag is designed to change its Bluetooth address with a cryptographic key, for security. But hackers are unstoppable, right? The researchers were able to develop a system that could find keys for Bluetooth addresses. This isn't particularly easy to do: they did it by using "hundreds" of GPUs to find a key match. But, there could be resourceful hackers too, you know.
A frankly creepy success rate of 90% was achieved by an exploit called "nRootTag", and the exploit, on top of it all, doesn't require sophisticated administrator privileges, meaning, it doesn't require rooting.
Using the exploit, the researchers were able to track the location of a computer with an accuracy of 10 feet (frankly terrifying!) which also enabled them to trace a bicycle moving through the city.
Back in July 2024, the researchers informed Apple about the vulnerability and urged Cupertino to update the Find My network to better verify Bluetooth devices. Apple acknowledged their help, but has yet to fix the issue, and hasn't given info on how it will fix it either.
The researchers also said a fix may take years to roll out, just because not all people update their devices immediately even after Apple releases a new software update.
Sadly, for now, there are not a lot of things you can do to protect yourself against it. The researchers advise to never allow unnecessary access to the device's Bluetooth when apps request it, and always keep your devices updated.
Privacy and security-focused Apple is in trouble. A team of researchers at George Mason University recently found an exploit of Apple's Find My network that ominously turns any device into a little traitor stalker. The vulnerability lets malicious users silently track any Bluetooth device using Apple's Find My network.
How Apple's Find My works is that it sends Bluetooth messages from AirTags and other compatible item trackers to nearby Apple devices. These devices then anonymously share the location of the AirTag to its owner via Apple's servers.
The researchers were able to find a way to track devices using the Find My network with the right key.
Yep, the AirTag is designed to change its Bluetooth address with a cryptographic key, for security. But hackers are unstoppable, right? The researchers were able to develop a system that could find keys for Bluetooth addresses. This isn't particularly easy to do: they did it by using "hundreds" of GPUs to find a key match. But, there could be resourceful hackers too, you know.
A frankly creepy success rate of 90% was achieved by an exploit called "nRootTag", and the exploit, on top of it all, doesn't require sophisticated administrator privileges, meaning, it doesn't require rooting.
Using the exploit, the researchers were able to track the location of a computer with an accuracy of 10 feet (frankly terrifying!) which also enabled them to trace a bicycle moving through the city.
Back in July 2024, the researchers informed Apple about the vulnerability and urged Cupertino to update the Find My network to better verify Bluetooth devices. Apple acknowledged their help, but has yet to fix the issue, and hasn't given info on how it will fix it either.
Sadly, for now, there are not a lot of things you can do to protect yourself against it. The researchers advise to never allow unnecessary access to the device's Bluetooth when apps request it, and always keep your devices updated.
FCC OKs Cingular\'s purchase of AT&T Wireless
Things that are NOT allowed: