3 min read
Users may effortlessly locate their devices and accessories, including AirTag, through Apple’s Find My network. Researchers from George Mason University found an issue that allows hackers to secretly follow any Bluetooth device through Apple’s network, even though it has anti-stalking security measures.
According to the researchers in a blog post, they have discovered a method to transform any device, like a phone or laptop, into an AirTag “without the owner ever realizing it.” This enables hackers to track the device’s location remotely.
How Apple’s Find My Network is being Exploited?
If you’re not familiar, Apple’s Find My network allows you to locate lost items by communicating over Bluetooth between your Apple device and AirTag or another compatible item tracker. The devices then communicate the precise location of the AirTag to its owner through Apple’s servers in an anonymous manner. The researchers figured out how to get Find My Network to follow any Bluetooth device—all you have to do is press the correct key.
Attackers created a method to swiftly find Bluetooth address keys, despite AirTag’s design to modify its Bluetooth address based on a cryptographic key. Multiple GPUs were used to find a key match, which made this possible. A terrifying 90% success rate is achieved by the “nRootTag” attack, which does not necessitate “sophisticated administrator privilege escalation.”
In one experiment, researchers were able to pinpoint a computer’s location within 10 feet. This allowed them to track a bicycle as it moved through the city. In another test, they followed a player’s controller to map out their flight path.
“While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this,” stated one of the researchers.
In July 2024, the researchers notified Apple of the vulnerability and suggested that the tech giant improve Bluetooth device verification with an upgrade to Find My network. Despite Apple’s open confession of the George Mason team’s assistance in finding the vulnerability, the tech giant has failed to address the issue and has offered no details on how it plans to do so.
The researchers have expressed concern that a permanent solution “may take years to roll out,” as not all users will promptly install Apple’s patched software, even after the company provides an update. For the time being, they recommend that customers always keep their software up-to-date and never give apps unwarranted access to their device’s Bluetooth.
