Security Researchers Develop Framework for Tracking Bluetooth Devices Using Find My

by

Ahead of the debut of AirTags and support for locating third-party Bluetooth items through Find My in iOS 14.5, a team of security researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt in Germany has reverse engineered the ‌Find My‌ protocol and developed an app that's designed to let anyone create an "AirTag" based on a Bluetooth-capable device.

openhaystack mac app
Called OpenHaystack, the app and the source code are available on GitHub for those who are interested in taking a look. The app allows users to create their own Bluetooth tags based on the ‌Find My‌ network by installing an "‌AirTag‌" firmware image on a Bluetooth dongle.

The app displays the most recent location of a created Bluetooth tag reported by any iPhone using Apple's ‌Find My‌ network that was implemented in iOS 13, plus it shows the location of the tag on a map.

According to the security researchers, the created tags send out Bluetooth beacons, which are picked up by nearby iPhones that interpret the sending device as lost. The current geolocation is end-to-end encrypted and then uploaded to Apple, with the OpenHaystack app then downloading the encrypted report from Apple and decrypting it locally on the Mac.

In the process of developing this tool, the Secure Mobile Networking Lab researchers also identified a macOS Catalina ‌Find My‌ vulnerability that was reported to Apple and addressed in a 10.15.7 update released back in November. The vulnerability allowed a malicious app to access iCloud decryption keys to download and decrypt location reports submitted by the ‌Find My‌ network.

Apple's iOS 14.5 update includes support for tracking third-party Bluetooth devices in the ‌Find My‌ app using a new "Items" tab, which takes advantage of the same ‌Find My‌ protocol used for the Mac app.

At the current time, in-app tracking is limited to Beats headphones and upcoming Belkin wireless earbuds, but in the future, many third-party Bluetooth devices may include ‌Find My‌ integration, making it easier to keep track of them. This system will also be used by Apple's own rumored AirTags, which have yet to be released.

Tag: Find My Guide

Top Rated Comments

Apple_Robert Avatar
Apple_Robert
41 months ago

This is good stuff guys! Apple is on top of it
Apple is on top of it? What does that mean?
Score: 7 Votes (Like | Disagree)
coolfactor Avatar
coolfactor
41 months ago
This strikes me as concerning.
Score: 6 Votes (Like | Disagree)
Corsig Avatar
Corsig
41 months ago
Yeah that won’t last long
Score: 5 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
41 months ago

The privacy.. security...
The article is about a couple of researchers creating an app that reverse engineers Find My. This isn't awesome stuff. This is concerning.

Edited to correct my misunderstanding.
Score: 5 Votes (Like | Disagree)
cmaier Avatar
cmaier
41 months ago

Awesome! Let’s hope Apple don’t try to patch this.
Why not? Security holes are bad. Anyone who wants to integrate into the Find My network can do so the official way.
Score: 5 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
41 months ago

Awesome! Let’s hope Apple don’t try to patch this.
I hope Apple does patch the vulnerability and render this app useless.
Score: 4 Votes (Like | Disagree)
Read All Comments

Popular Stories

maxresdefault

Apple Announces 'Let Loose' Event on May 7 Amid Rumors of New iPads

Tuesday April 23, 2024 7:11 am PDT by
Apple has announced it will be holding a special event on Tuesday, May 7 at 7 a.m. Pacific Time (10 a.m. Eastern Time), with a live stream to be available on Apple.com and on YouTube as usual. The event invitation has a tagline of "Let Loose" and shows an artistic render of an Apple Pencil, suggesting that iPads will be a focus of the event. Subscribe to the MacRumors YouTube channel for more ...
Read Full Article264 comments
Apple Vision Pro Dual Loop Band Orange Feature 2

Apple Cuts Vision Pro Shipments as Demand Falls 'Sharply Beyond Expectations'

Tuesday April 23, 2024 9:44 am PDT by
Apple has dropped the number of Vision Pro units that it plans to ship in 2024, going from an expected 700 to 800k units to just 400k to 450k units, according to Apple analyst Ming-Chi Kuo. Orders have been scaled back before the Vision Pro has launched in markets outside of the United States, which Kuo says is a sign that demand in the U.S. has "fallen sharply beyond expectations." As a...
Read Full Article404 comments
Apple Silicon AI Optimized Feature Siri

Apple Releases Open Source AI Models That Run On-Device

Wednesday April 24, 2024 3:39 pm PDT by
Apple today released several open source large language models (LLMs) that are designed to run on-device rather than through cloud servers. Called OpenELM (Open-source Efficient Language Models), the LLMs are available on the Hugging Face Hub, a community for sharing AI code. As outlined in a white paper [PDF], there are eight total OpenELM models, four of which were pre-trained using the...
Read Full Article59 comments
iPad And Calculator App Feature

Apple Finally Plans to Release a Calculator App for iPad Later This Year

Tuesday April 23, 2024 9:08 am PDT by
Apple is finally planning a Calculator app for the iPad, over 14 years after launching the device, according to a source familiar with the matter. iPadOS 18 will include a built-in Calculator app for all iPad models that are compatible with the software update, which is expected to be unveiled during the opening keynote of Apple's annual developers conference WWDC on June 10. AppleInsider...
Read Full Article214 comments
iOS 17 All New Features Thumb

iOS 17.5 Will Add These New Features to Your iPhone

Sunday April 21, 2024 3:00 am PDT by
The upcoming iOS 17.5 update for the iPhone includes only a few new user-facing features, but hidden code changes reveal some additional possibilities. Below, we have recapped everything new in the iOS 17.5 and iPadOS 17.5 beta so far. Web Distribution Starting with the second beta of iOS 17.5, eligible developers are able to distribute their iOS apps to iPhone users located in the EU...
Read Full Article