Security Researchers Develop Framework for Tracking Bluetooth Devices Using Find My

Ahead of the debut of AirTags and support for locating third-party Bluetooth items through Find My in iOS 14.5, a team of security researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt in Germany has reverse engineered the ‌Find My‌ protocol and developed an app that's designed to let anyone create an "AirTag" based on a Bluetooth-capable device.

openhaystack mac app
Called OpenHaystack, the app and the source code are available on GitHub for those who are interested in taking a look. The app allows users to create their own Bluetooth tags based on the ‌Find My‌ network by installing an "AirTag" firmware image on a Bluetooth dongle.

The app displays the most recent location of a created Bluetooth tag reported by any iPhone using Apple's ‌Find My‌ network that was implemented in iOS 13, plus it shows the location of the tag on a map.

According to the security researchers, the created tags send out Bluetooth beacons, which are picked up by nearby iPhones that interpret the sending device as lost. The current geolocation is end-to-end encrypted and then uploaded to Apple, with the OpenHaystack app then downloading the encrypted report from Apple and decrypting it locally on the Mac.

In the process of developing this tool, the Secure Mobile Networking Lab researchers also identified a macOS Catalina ‌Find My‌ vulnerability that was reported to Apple and addressed in a 10.15.7 update released back in November. The vulnerability allowed a malicious app to access iCloud decryption keys to download and decrypt location reports submitted by the ‌Find My‌ network.

Apple's iOS 14.5 update includes support for tracking third-party Bluetooth devices in the ‌Find My‌ app using a new "Items" tab, which takes advantage of the same ‌Find My‌ protocol used for the Mac app.

At the current time, in-app tracking is limited to Beats headphones and upcoming Belkin wireless earbuds, but in the future, many third-party Bluetooth devices may include ‌Find My‌ integration, making it easier to keep track of them. This system will also be used by Apple's own rumored AirTags, which have yet to be released.

Top Rated Comments

Apple_Robert Avatar
19 months ago

This is good stuff guys! Apple is on top of it
Apple is on top of it? What does that mean?
Score: 7 Votes (Like | Disagree)
coolfactor Avatar
19 months ago
This strikes me as concerning.
Score: 6 Votes (Like | Disagree)
Corsig Avatar
19 months ago
Yeah that won’t last long
Score: 5 Votes (Like | Disagree)
Apple_Robert Avatar
19 months ago

The privacy.. security...
The article is about a couple of researchers creating an app that reverse engineers Find My. This isn't awesome stuff. This is concerning.

Edited to correct my misunderstanding.
Score: 5 Votes (Like | Disagree)
cmaier Avatar
19 months ago

Awesome! Let’s hope Apple don’t try to patch this.
Why not? Security holes are bad. Anyone who wants to integrate into the Find My network can do so the official way.
Score: 5 Votes (Like | Disagree)
Apple_Robert Avatar
19 months ago

Awesome! Let’s hope Apple don’t try to patch this.
I hope Apple does patch the vulnerability and render this app useless.
Score: 4 Votes (Like | Disagree)

Related Stories

find my test app 1

Apple's Third-Party Find My Accessory Program Gets Closer to Launch With New Test App

Tuesday April 6, 2021 11:06 am PDT by
Apple is getting closer to launching the third-party program that will allow item trackers and other Bluetooth devices to be tracked using the Find My app, based on the launch of a new app. As noted by TechCrunch, Apple Sunday introduced the Find My Certification Asst. app, which was created exclusively for Made for iPhone (MFi) licensees who need to test their accessories with the Find My...
Apple airtag accessories bag 042021 big carousel

What to Know if You Plan to Travel Abroad With AirTags

Friday April 23, 2021 7:10 am PDT by
Apple's new AirTag item trackers are ideal for attaching to things like bags and luggage cases, which makes it likely they'll become popular with travelers and backpackers who want to keep tabs on their personal possessions abroad. For this reason, it's worth remembering which AirTag features work wherever you are, which ones depend on you being nearby the AirTag, and which functions aren't...
appleprivacyad cleaned

iOS 15 Patched Security Hole That Potentially Exposed Users' Private Apple ID Information to Third-Party Apps

Thursday January 20, 2022 3:32 am PST by
Apple patched two significant security vulnerabilities when it released iOS 15 that could have potentially exposed users' private Apple ID information and in-app search history to malicious third-party apps and allowed apps to override user Privacy preferences, Apple has revealed in a recent support document update. With most iOS, macOS, tvOS, and watchOS updates, Apple provides a list of...
AirTag is Linked to Apple ID Feature

Apple Announces AirTag Updates to Address Unwanted Tracking

Thursday February 10, 2022 9:58 am PST by
Apple today announced that it is making some updates to AirTags with the aim of cutting down on unwanted tracking. There are several changes that will be implemented in a multi-phase rollout. In an upcoming software update, Apple plans to implement new privacy warnings that will show up during AirTag setup to thwart malicious use. The warning will make it clear that the AirTag is linked to...
f1618938547

Android Users Largely Excluded From AirTag Unwanted Tracking Improvements

Wednesday February 16, 2022 2:33 am PST by
Apple's recently announced unwanted tracking improvements for AirTags, which seek to cut down on individuals being unknowingly tracked with the device by another person, may not be a significant help to Android users. Unwanted tracking "has long been a societal problem," according to Apple, which is why ‌AirTags‌ were initially built with privacy in mind with the "first-ever proactive...
apple id warning

iOS 15.4 Beta 4 Includes AirTags Anti-Stalking Changes

Tuesday February 22, 2022 11:36 am PST by
The newly released fourth beta of iOS 15.4 introduces the anti-stalking AirTag changes that Apple announced earlier this month, providing a setup warning that using an AirTag or another Find My-linked item to track someone without consent is a crime. "You can locate this item using the Find My network," reads the setup screen. "Using this item to track people without their consent is a crime ...
airtag in hand

Apple AirTag Linked to Increasing Number of Car Thefts, Canadian Police Report

Friday December 3, 2021 7:10 am PST by
Apple's AirTags are being used in an increasing number of targeted car thefts in Canada, according to local police. Outlined in a news release from York Regional Police, investigators have identified a new method being used by thieves to track down and steal high-end vehicles that takes advantage of the AirTag's location tracking capabilities. While the method of stealing the cars is largely ...
apple findmy network feature

Find My Network Exploited to Send Messages

Wednesday May 12, 2021 8:11 am PDT by
An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher. Security researcher Fabian Bräunlein has found a way to leverage Apple's Find My network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the...

Popular Stories

iPhone 14 Pro Purple Rear Flat MacRumors Exclusive

iPhone 14 Pro Predicted to Start With Increased 256GB Storage Alongside Rumored Price Increase

Wednesday August 10, 2022 11:14 am PDT by
Earlier today, analyst Ming-Chi Kuo claimed iPhone 14 Pro models will be more expensive than iPhone 13 Pro models. Kuo did not reveal exact pricing, but he said that the average selling price of all four iPhone 14 models will increase by about 15% overall. While higher prices would be disappointing for customers, it is possible the iPhone 14 Pro and iPhone 14 Pro Max will offer increased...
iPhone 14 Pro Lineup Feature Silver

Kuo: Apple to Increase Prices of iPhone 14 Pro Models

Wednesday August 10, 2022 8:22 am PDT by
Apple plans to increase the prices of iPhone 14 Pro models compared to iPhone 13 Pro models, according to analyst Ming-Chi Kuo. Kuo did not reveal exact pricing for the iPhone 14 Pro models. However, in a tweet today, he estimated that the average selling price of the iPhone 14 lineup as a whole will increase by about 15% compared to the iPhone 13 lineup. In the United States, the iPhone...
iPhone 14 Pro Purple Front and Back MacRumors Exclusive feature

iPhone 14 Is Just a Few Weeks Away: Three Tips to Prepare for the New iPhone

Wednesday August 10, 2022 4:08 am PDT by
The launch of the new iPhone 14 is just a few weeks away, meaning millions of iPhone customers will soon upgrade their existing iPhone or perhaps get an iPhone for the first time. Exclusive MacRumors iPhone 14 Pro renders by graphic designer Ian Zelbo Whether upgrading from an older model or this is your first iPhone, we've rounded up a few tips to help you prepare for the next flagship...
battery percentage ios 16

Here's Why the iPhone Battery Status Icon in iOS 16 Is So Controversial

Wednesday August 10, 2022 4:34 am PDT by
In the latest iOS 16 beta, Apple has updated the status bar battery icon on iPhones with Face ID to display the exact percentage remaining rather than just a visual representation of battery level, and while the change has been largely welcomed, some users are unhappy with the way it has been implemented. In iOS 15 and earlier, battery percent has not been present on iPhones that have...
Apple Watch Body Temperature Finished

'High-Accuracy' Apple Watch Temperature Sensor Revealed by Patent Filing Just Weeks Before Series 8 Unveiling

Wednesday August 10, 2022 5:39 am PDT by
Apple has been granted a patent for a temperature sensor suitable for the Apple Watch, just weeks before the company is expected to unveil the Apple Watch Series 8 with body temperature sensing capabilities. The newly granted patent, spotted by MyHealthyApple, was filed with the United States Patent and Trademark Office and is titled "Temperature gradient sensing in electronic devices."...