Apple’s Find My network lets users easily track their devices and accessories such as AirTag. However, despite having anti-stalking features, researchers at George Mason University recently discovered an exploit that lets hackers silently track any Bluetooth device through Apple’s network.
Hackers can use Apple’s Find My to track devices and stalk people
As explained by the researchers in a blog post, they have essentially found a way to turn any device such as a phone or laptop into an AirTag “without the owner ever realizing it.” After that, hackers could remotely track the location of that device.
For those unfamiliar, Apple’s Find My network works by sending Bluetooth messages from AirTag and other compatible item trackers to nearby Apple devices. The devices then anonymously share the location of that AirTag directly with the owner via Apple’s servers. What the researchers did was find a way to make the Find My network track any Bluetooth device.
Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for random Bluetooth addresses. This was made possible by using “hundreds” of GPUs to find a key match. The exploit called “nRootTag” has a frightening success rate of 90% and doesn’t require “sophisticated administrator privilege escalation.”
In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person’s flight path by tracking their game console.
“While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this,” said one of the researchers.
The researchers informed Apple about the exploit in July 2024 and recommended that the company update its Find My network to better verify Bluetooth devices. Although the company has publicly acknowledged the support of the George Mason team in discovering the exploit, Apple is yet to fix it (and hasn’t provided details of how it will do so).
The researchers warn that a true fix “may take years to roll out,” since even after Apple releases a new version of iOS that fixes the exploit, not everyone will update their iPhones and iPads immediately. For now, they advise users to never allow unnecessary access to the device’s Bluetooth when requested by apps, and of course, always keep their device’s software updated.
Read also
FTC: We use income earning auto affiliate links. More.
