Security Researchers Develop Framework for Tracking Bluetooth Devices Using Find My
Ahead of the debut of AirTags and support for locating third-party Bluetooth items through Find My in iOS 14.5, a team of security researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt in Germany has reverse engineered the Find My protocol and developed an app that's designed to let anyone create an "AirTag" based on a Bluetooth-capable device.
Called OpenHaystack, the app and the source code are available on GitHub for those who are interested in taking a look. The app allows users to create their own Bluetooth tags based on the Find My network by installing an "AirTag" firmware image on a Bluetooth dongle.
The app displays the most recent location of a created Bluetooth tag reported by any iPhone using Apple's Find My network that was implemented in iOS 13, plus it shows the location of the tag on a map.
According to the security researchers, the created tags send out Bluetooth beacons, which are picked up by nearby iPhones that interpret the sending device as lost. The current geolocation is end-to-end encrypted and then uploaded to Apple, with the OpenHaystack app then downloading the encrypted report from Apple and decrypting it locally on the Mac.
In the process of developing this tool, the Secure Mobile Networking Lab researchers also identified a macOS Catalina Find My vulnerability that was reported to Apple and addressed in a 10.15.7 update released back in November. The vulnerability allowed a malicious app to access iCloud decryption keys to download and decrypt location reports submitted by the Find My network.
Apple's iOS 14.5 update includes support for tracking third-party Bluetooth devices in the Find My app using a new "Items" tab, which takes advantage of the same Find My protocol used for the Mac app.
At the current time, in-app tracking is limited to Beats headphones and upcoming Belkin wireless earbuds, but in the future, many third-party Bluetooth devices may include Find My integration, making it easier to keep track of them. This system will also be used by Apple's own rumored AirTags, which have yet to be released.
Related Stories
Apple today announced the launch of its Find My network accessory program, allowing compatible third-party accessories to be tracked in the Find My app right alongside Apple devices. The first products that work with the Find My app will include a new Chipolo item tracker, Belkin earbuds, and select VanMoof e-bikes.
While it was initially suspected that Find My's third-party accessory...
AirTag orders are beginning to be marked as "shipped" for more customers on Apple's online store around the world, with most deliveries set to begin arriving to customers on Friday, April 30 launch day. A few lucky customers already received their AirTag orders earlier this week, providing us with a closer look at the unboxing experience.
Priced at $29 each or $99 for a four pack, users can ...
Apple today announced AirTag, a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.
AirTags are accessories for attaching to backpacks, luggage, and other items. Any U1 device like the iPhone 12 can be used for precision finding to guide you right to the item you're looking...
Apple's long-awaited AirTag was finally unveiled today, and as expected, the small circle-shaped accessories can be attached to items like wallets, keys, and more to allow them to be tracked in the Find My app.
As was rumored ahead of release, each AirTag is equipped with a U1 chip, and on devices that also have U1 chips, there's a Precision Finding feature.
U1 Ultra Wideband chips are...
FCC filings for Apple's newly released AirTags have revealed that the Cupertino tech giant began regulatory testing and preparing to seek regulatory approval for the product nearly two years before they were officially announced. A series of documents submitted to the Federal Communications Commission indicate that AirTag underwent testing for official certification between July and...
Apple today announced the launch of its Find My network accessory program, which is designed to allow third-party Bluetooth devices to be tracked in the Find My app right alongside your Apple devices.
According to Apple, the first accessory companies to take advantage of the new Find My integration include Belkin, Chipolo, and VanMoof, with devices set to be available beginning next week.
...
Last month, Apple opened up its Find My app to third-party device manufacturers, allowing for third-party products to be tracked in the Find My app right alongside Apple devices.
Chipolo is one of the first brands to offer this functionality with its new ONE Spot item tracker, which is now available to pre-order in the United States and many other countries, with pricing set at $28...
Apple's new AirTag item trackers are ideal for attaching to things like bags and luggage cases, which makes it likely they'll become popular with travelers and backpackers who want to keep tabs on their personal possessions abroad. For this reason, it's worth remembering which AirTag features work wherever you are, which ones depend on you being nearby the AirTag, and which functions aren't...
Apple is enhancing AirTags security to prevent stalking using the Bluetooth devices, Apple told CNET today. Apple is already sending out over-the-air updates to AirTags that will shorten the amount of time before an unknown AirTag alerts you if it is in your possession.
At the current time, AirTags play a sound after three days of being away from their owner. After the update, AirTags will...
As reported by 9to5Mac, AirTag Hermès is currently unavailable for purchase from Apple or directly from the Hermès website. The reasoning behind the unavailability remains unknown.
Apple's AirTags Hermès line features three separate styles, an AirTag with a Hermès keyring, bag charm, and luggage tag. All styles feature the standard AirTag with a removable backplate but engraved with...
Top Rated Comments
Edited to correct my misunderstanding.