Find My Network Exploited to Send Messages

Wednesday May 12, 2021 8:11 am PDT by Hartley Charlton

An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher.

apple findmy network feature
Security researcher Fabian Bräunlein has found a way to leverage Apple's ‌Find My‌ network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the data for them.

The ‌Find My‌ network uses the entire base of active iOS devices to act as nodes to transfer location data. Bräunlein explained in an extensive blog post that it is possible to emulate the way in which an AirTag connects to the ‌Find My‌ network and broadcasts its location. The ‌AirTag‌ sends its location via an encrypted broadcast, so when this data is replaced with a message, it is concealed by the broadcast's encryption.

Bräunlein's practical demonstration showed how short strings of text could be sent from a microcontroller running custom firmware over the ‌Find My‌ network. The text was received via a custom Mac app to decode and display the uploaded data.

It is not immediately clear if this ‌Find My‌ network exploit could be used maliciously or what useful purposes it may serve. Nonetheless, it seems that it could be difficult for Apple to prevent this unintended use due to the privacy-focused and end-to-end encrypted nature of the system.

For more information, see Bräunlein's full blog post, which explains in detail the entire technical process behind passing arbitrary data through the ‌Find My‌ network.

Related Roundup: AirTag

Tag: Security

Buyer's Guide: AirTag (Buy Now)

Popular Stories

Apple Unveils Two New Products

Monday March 2, 2026 7:49 am PST by Joe Rossignol

Apple today introduced two new devices, including the iPhone 17e and an updated iPad Air. iPhone 17e features the same overall design as the iPhone 16e, but it gains Apple's A19 chip, MagSafe for magnetic wireless charging and magnetic accessories, Apple's second-generation C1X modem for faster 5G, and a doubled 256GB of base storage. In the U.S., the iPhone 17e starts at $599, just like the ...

Apple Announces iPhone 17e With A19 Chip, MagSafe, and More

Monday March 2, 2026 6:07 am PST by Hartley Charlton

Apple today announced the iPhone 17e, featuring the A19 chip, MagSafe connectivity, faster charging, and more. The iPhone 17e contains the A19 chip introduced in iPhone 17. It features a 6-core GPU and a 4-core GPU. Apple pointed out that this makes it up to 2x faster than the iPhone 11. The new 16-core Neural Engine is optimized for large generative models. The iPhone 17e also contains...

• 190 comments

Apple Unveils iPad Air With M4 Chip, Increased RAM, Wi-Fi 7, and More

Monday March 2, 2026 6:05 am PST by Joe Rossignol

Apple today introduced a new iPad Air, with key upgrades including Apple's M4 chip for faster performance, an increased 12GB of RAM, Apple's N1 wireless networking chip with Wi-Fi 7 support, and Apple's custom C1X modem in cellular models. The new iPad Air has the same overall design as the previous-generation model, which is equipped with the M3 chip, 8GB of RAM, and Wi-Fi 6E support....

• 171 comments

Top Rated Comments

zepfhyr

63 months ago

The first thought that comes to mind is someone installing a compromised IoT device that gains legitimate access to their network and then uses the Find My network to funnel data out of the network, bypassing any firewall rules that prevent the IoT device from communicating with the Internet at large.

It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.

Score: 10 Votes (Like | Disagree)

Unregistered 4U

63 months ago

Another
“IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving.
Next week,
“We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”

Score: 8 Votes (Like | Disagree)

ArtOfWarfare

63 months ago

This could be used for some kind of Denial of Service Attack, couldn't it?

You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.

Score: 8 Votes (Like | Disagree)

no_idea

63 months ago

Waiting for someone to show a hack that executed the following steps:
1) uses forgot password
2) clicks try another device for access code pin
3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin
4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker
5) hacker inlists a millennial to decrypt the puzzle
6) millennial asks for gluten free juice cleanser for payment
7) hacker gets in!

Score: 7 Votes (Like | Disagree)

TiggrToo

63 months ago

This could be used for some kind of Denial of Service Attack, couldn't it?

You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.

From the source:

With the public key validity check implemented, everything worked flawlessly. While I didn't do extensive performance testing and measurements, here are some estimates:

The sending rate on the microcontroller is currently ~3 bytes/second. Higher speeds could be achieved e.g. simply by caching the encoding results or by encoding one byte per advertisement
In my tests, the receiving rate was limited by slow Mac hardware. Retrieving 16 bytes within one request takes ~5 seconds
The latency is usually between 1 and 60 minutes depending on how many devices are around and other random factors.

Score: 7 Votes (Like | Disagree)