Edit: MitM attack and Trojan. It's complicated; I started reading the method. Clever.
So all the hackers need is one compromised computer in the world that is next to an iPhone with Bluetooth and Find My turned on to track anybody that has Bluetooth and Find My turned on?

Did I get that right?
 
Website: https://nroottag.github.io/

How it works (from the link above):
  1. Through pairing, an AirTag shares the public / private key information with the owner’s device.
  2. When the AirTag is separated from the paired device, it advertises its public key via BLE advertisements, known as lost messages.
  3. Nearby Apple devices, referred to as finders, generate encrypted location reports and send them, along with the hashed public key, to the Apple Cloud.
  4. The Apple Cloud allows anyone to use a hashed public key to retrieve the associated location reports, which can only be decrypted using the correct private key. To ensure anonymity, finders do not authenticate whether a lost message is sent from an Apple device.
IIUC, any program that can send BLE advertisements can make the device it’s running on trackable via Apple’s Find My network.

So, and I'm not being sarcastic here, it's another example of:

1. Get user to execute arbitrary code and grant permissions
2. Exploit!!!

Quick edit: it's bad that this allows adding it to the Find My network, but the same old advice applies as always.
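As an added illustration of steps 1 to 4 above (this is example code written for this thread, not code from the nRootTag site or from Apple), the following Go program models the offline-finding exchange end to end: the tag's public key goes out as the lost message, a finder encrypts its location to that key and uploads it under the key's SHA-256 hash, the "cloud" hands reports to anyone who asks by hash, and only the holder of the private key can open them. The curve (X25519), the AES-GCM report format and the SHA-256 key derivation are assumptions chosen to keep the example self-contained; the real protocol's framing is not in the post. The point the finder side makes is the one in step 4: nothing in a lost message lets the finder tell who sent it.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"fmt"
)

// LostMessage models the BLE "lost" advertisement from step 2. It carries only
// the tag's public key, so there is nothing in it that proves who sent it.
type LostMessage struct {
	PublicKey []byte // X25519 public key bytes (assumed curve)
}

// LocationReport models what a finder uploads in step 3.
type LocationReport struct {
	HashedKey    string // SHA-256 of the advertised public key, hex-encoded
	EphemeralPub []byte // finder's one-time public key; the owner needs it to rederive the secret
	Nonce        []byte
	Ciphertext   []byte // location encrypted under the derived key
}

// Cloud models step 4: a table keyed by hashed public key that anyone may query.
type Cloud struct{ reports map[string][]LocationReport }

func NewCloud() *Cloud { return &Cloud{reports: map[string][]LocationReport{}} }

// HashKey is the lookup handle: the hash of the advertised key, not the key itself.
func HashKey(pub []byte) string {
	sum := sha256.Sum256(pub)
	return hex.EncodeToString(sum[:])
}

// gcmFor turns the ECDH shared secret plus both public keys into an AES-256-GCM
// instance. A single SHA-256 stands in for a real KDF; that is a simplification.
func gcmFor(shared, tagPub, ephPub []byte) (cipher.AEAD, error) {
	h := sha256.New()
	h.Write(shared)
	h.Write(tagPub)
	h.Write(ephPub)
	block, err := aes.NewCipher(h.Sum(nil))
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// FinderReport is step 3: a device that heard a lost message encrypts its own
// location to the advertised key. It does not and cannot check the sender.
func FinderReport(msg LostMessage, location string) (LocationReport, error) {
	curve := ecdh.X25519()
	tagPub, err := curve.NewPublicKey(msg.PublicKey)
	if err != nil {
		return LocationReport{}, err
	}
	eph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return LocationReport{}, err
	}
	shared, err := eph.ECDH(tagPub)
	if err != nil {
		return LocationReport{}, err
	}
	ephPub := eph.PublicKey().Bytes()
	aead, err := gcmFor(shared, msg.PublicKey, ephPub)
	if err != nil {
		return LocationReport{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return LocationReport{}, err
	}
	return LocationReport{
		HashedKey:    HashKey(msg.PublicKey),
		EphemeralPub: ephPub,
		Nonce:        nonce,
		Ciphertext:   aead.Seal(nil, nonce, []byte(location), nil),
	}, nil
}

func (c *Cloud) Upload(r LocationReport) { c.reports[r.HashedKey] = append(c.reports[r.HashedKey], r) }

// Fetch is step 4: reports are handed out by hash; only the private key opens them.
func (c *Cloud) Fetch(hashedKey string) []LocationReport { return c.reports[hashedKey] }

// OwnerDecrypt is the owner's side: the private key from step 1 recovers the location.
func OwnerDecrypt(priv *ecdh.PrivateKey, r LocationReport) (string, error) {
	ephPub, err := ecdh.X25519().NewPublicKey(r.EphemeralPub)
	if err != nil {
		return "", err
	}
	shared, err := priv.ECDH(ephPub)
	if err != nil {
		return "", err
	}
	aead, err := gcmFor(shared, priv.PublicKey().Bytes(), r.EphemeralPub)
	if err != nil {
		return "", err
	}
	plain, err := aead.Open(nil, r.Nonce, r.Ciphertext, nil)
	if err != nil {
		return "", err
	}
	return string(plain), nil
}

func main() {
	owner, _ := ecdh.X25519().GenerateKey(rand.Reader) // step 1: key pair held by the owner
	c := NewCloud()
	report, _ := FinderReport(LostMessage{PublicKey: owner.PublicKey().Bytes()}, "47.61,-122.33 (constructed)")
	c.Upload(report)
	for _, r := range c.Fetch(HashKey(owner.PublicKey().Bytes())) {
		loc, err := OwnerDecrypt(owner, r)
		fmt.Println(loc, err)
	}
}
```

Running it prints the constructed location once and no error. The defender's takeaway is in the shape of the data, not the crypto: the hash-keyed table gives out reports to whoever asks, and the finder accepts any well-formed advertisement, so the privacy of the scheme rests entirely on the advertised key belonging to a device the owner actually chose to track.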
 
So all the hackers need is one compromised computer in the world that is next to an iPhone with Bluetooth and Find My turned on to track anybody that has Bluetooth and Find My turned on?

Did I get that right?
Correct, that's the gist. One device, let's call it the finder (heh), needs to be able to run the code to masquerade and catch the BT key.
 
Quite a serious issue. It has been some time since it was identified. Hopefully Apple will fix this soon.
 
This is pretty cool and innovative. I know people are stressing about the potential bad cases, but most of the uses are awesome. I'm sure it will have to be patched for safety, but turning any Bluetooth device into an AirTag is very cool.
Those were exactly my thoughts: “Find My Switch”, “Find My Steam Deck”, “Find My random Windows Laptop”, “Find My…” without having to strap an AirTag to everything.

Made me think whether AirTags are actually some sort of a scam in the way they are presented, as if they are amazing tech and “a must” for tracking, when in reality they are apparently “just giving Bluetooth” to smaller and/or inert items like keys, wallets, backpacks, etc.
 
Wait, does that mean that you could actually track ANY of your Bluetooth devices without buying an AirTag? That'd be awesome.

Yes, if you can install software on the device so it will advertise itself. Then you can register it with your Apple ID and use the Find My network to locate it.

It appears that you need to enroll in Apple's MFi program to get the official documentation and specifications, but there's no technical reason why you couldn't run a software-based Find My tracker service on any device. Of course, there may be legal issues, so be sure to read the terms of MFi program membership before you try connecting a non-MFi-certified device to the Find My network.
 