Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Find My Network Exploited to Send Messages

MacRumors

MacRumors

macrumors bot
Original poster
Apr 12, 2001
68,448
39,278


An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher.

apple-findmy-network-feature.jpg

Security researcher Fabian Bräunlein has found a way to leverage Apple's Find My network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the data for them.

The Find My network uses the entire base of active iOS devices to act as nodes to transfer location data. Bräunlein explained in an extensive blog post that it is possible to emulate the way in which an AirTag connects to the Find My network and broadcasts its location. The AirTag sends its location via an encrypted broadcast, so when this data is replaced with a message, it is concealed by the broadcast's encryption.

find-my-network-message-exploit.jpg

Bräunlein's practical demonstration showed how short strings of text could be sent from a microcontroller running custom firmware over the Find My network. The text was received via a custom Mac app to decode and display the uploaded data.

It is not immediately clear if this Find My network exploit could be used maliciously or what useful purposes it may serve. Nonetheless, it seems that it could be difficult for Apple to prevent this unintended use due to the privacy-focused and end-to-end encrypted nature of the system.

For more information, see Bräunlein's full blog post, which explains in detail the entire technical process behind passing arbitrary data through the Find My network.

Article Link: Find My Network Exploited to Send Messages
 
Article Link
https://www.macrumors.com/2021/05/12/find-my-network-exploited-to-send-messages/
  • Like
Reactions: ASentientBot
Another
“IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving.
Next week,
“We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
 
  • Like
  • Haha
  • Disagree
Reactions: jasweb, amartinez1660, PaulNoJustPaul and 13 others
This could be used for some kind of Denial of Service Attack, couldn't it?

You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
 
  • Like
Reactions: windowsblowsass, u+ive, amartinez1660 and 5 others
The first thought that comes to mind is someone installing a compromised IoT device that gains legitimate access to their network and then uses the Find My network to funnel data out of the network, bypassing any firewall rules that prevent the IoT device from communicating with the Internet at large.

It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
 
  • Like
Reactions: u+ive, amartinez1660, shadowbird423 and 7 others
I wonder if this could built upon to turn Find My into an ad-hoc mesh network that wouldn’t need to use cell signals. This way one could mass message everyone at a concert venue or other gathering of people, for example, without clogging up cellular networks.
 
  • Like
Reactions: shapesinaframe and xmach
ArtOfWarfare said:
This could be used for some kind of Denial of Service Attack, couldn't it?

You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
Click to expand...

From the source:

With the public key validity check implemented, everything worked flawlessly. While I didn't do extensive performance testing and measurements, here are some estimates:

The sending rate on the microcontroller is currently ~3 bytes/second. Higher speeds could be achieved e.g. simply by caching the encoding results or by encoding one byte per advertisement
In my tests, the receiving rate was limited by slow Mac hardware. Retrieving 16 bytes within one request takes ~5 seconds
The latency is usually between 1 and 60 minutes depending on how many devices are around and other random factors.
Click to expand...
 
  • Like
Reactions: justperry, motulist, xmach and 4 others
It's an interesting bit of tech. It seems to inherently have security issues not unlike THE ENTIRE INTERNET and the entire foundation of IP addresses and DNS. I can't imagine it's any less secure than anything else we have on our phone. Cellular networks and wifi are both full of exploits. They usually work because the holes are plugged, or at least they try and block the worst ones until a new one is discovered. The human immune system does an OK job, having developed for about 1.8 million years now, but I hate to tell these technologists it is also 'full of bugs'. The common cold being a really good one. No such thing as a 100% secure network.
 
Last edited:
  • Like
Reactions: amartinez1660, BillGates1969 and whichweather
Waiting for someone to show a hack that executed the following steps:
1) uses forgot password
2) clicks try another device for access code pin
3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin
4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker
5) hacker inlists a millennial to decrypt the puzzle
6) millennial asks for gluten free juice cleanser for payment
7) hacker gets in!
 
  • Like
  • Haha
Reactions: amartinez1660, hans1972, BillGates1969 and 4 others
I went to the Find My page on Apple and saw this:

app.jpg


Then I remembered this from Lord of the Rings. Spooky? ;)

One Ring to rule them all, One Ring to find them,
One Ring to bring them all and in the darkness bind them
In the Land of Mordor where the Shadows lie.
 
There may be an important, extraordinarily helpful use case in the context of disasters (natural and otherwise) when cell networks go down or are otherwise unavailable. Think Puerto Rico a few years ago after hurricane Maria. I’m sure there are countless other examples.
 
Does anyone know the relative ranges of Bluetooth vs ultrawideband? Right now the Find My network communicates via the former. If it instead or also relied upon UWB, would that have any implications for range?
 
PBG4 Dude said:
I wonder if this could built upon to turn Find My into an ad-hoc mesh network that wouldn’t need to use cell signals. This way one could mass message everyone at a concert venue or other gathering of people, for example, without clogging up cellular networks.
Click to expand...
This is the first thing that sprung to my mind. Maybe Apple will, one day, use the mesh functionality to enhance stuff like iMessage when you have bad reception (leveraging nearby devices to relay your texts).
 
  • Like
  • Haha
Reactions: shadowbird423 and bklement
xmach said:
There may be an important, extraordinarily helpful use case in the context of disasters (natural and otherwise) when cell networks go down or are otherwise unavailable. Think Puerto Rico a few years ago after hurricane Maria. I’m sure there are countless other examples.
Click to expand...
Won't help without cell towers. Find my and this exploit works by using the network access of the other device within bluetooth range.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back