An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher.
Security researcher Fabian Bräunlein has found a way to leverage Apple's Find My network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the data for them.
The Find My network uses the entire base of active iOS devices to act as nodes to transfer location data. Bräunlein explained in an extensive blog post that it is possible to emulate the way in which an AirTag connects to the Find My network and broadcasts its location. The AirTag sends its location via an encrypted broadcast, so when this data is replaced with a message, it is concealed by the broadcast's encryption.
Bräunlein's practical demonstration showed how short strings of text could be sent from a microcontroller running custom firmware over the Find My network. The text was received via a custom Mac app to decode and display the uploaded data.
It is not immediately clear if this Find My network exploit could be used maliciously or what useful purposes it may serve. Nonetheless, it seems that it could be difficult for Apple to prevent this unintended use due to the privacy-focused and end-to-end encrypted nature of the system.
For more information, see Bräunlein's full blog post, which explains in detail the entire technical process behind passing arbitrary data through the Find My network.
The first thought that comes to mind is someone installing a compromised IoT device that gains legitimate access to their network and then uses the Find My network to funnel data out of the network, bypassing any firewall rules that prevent the IoT device from communicating with the Internet at large.
It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
Another “IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving. Next week, “We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
This could be used for some kind of Denial of Service Attack, couldn't it?
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
Waiting for someone to show a hack that executed the following steps: 1) uses forgot password 2) clicks try another device for access code pin 3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin 4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker 5) hacker inlists a millennial to decrypt the puzzle 6) millennial asks for gluten free juice cleanser for payment 7) hacker gets in!
This could be used for some kind of Denial of Service Attack, couldn't it?
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
From the source:
With the public key validity check implemented, everything worked flawlessly. While I didn't do extensive performance testing and measurements, here are some estimates:
The sending rate on the microcontroller is currently ~3 bytes/second. Higher speeds could be achieved e.g. simply by caching the encoding results or by encoding one byte per advertisement In my tests, the receiving rate was limited by slow Mac hardware. Retrieving 16 bytes within one request takes ~5 seconds The latency is usually between 1 and 60 minutes depending on how many devices are around and other random factors.
"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!" :p
Tuesday October 5, 2021 1:31 pm PDT by Juli Clover
The new 4A400 AirPods Pro and AirPods Max firmware that was released this afternoon adds expanded Find My integration that Apple first promised as an iOS 15 feature back in June. Images via MacRumors reader SRM1982 With the update, AirPods Pro and AirPods Max are able to take advantage of the Find My network, allowing them to be located through connections with the Apple devices owned by...
Thursday February 10, 2022 9:58 am PST by Juli Clover
Apple today announced that it is making some updates to AirTags with the aim of cutting down on unwanted tracking. There are several changes that will be implemented in a multi-phase rollout.
In an upcoming software update, Apple plans to implement new privacy warnings that will show up during AirTag setup to thwart malicious use. The warning will make it clear that the AirTag is linked to...
Monday January 17, 2022 4:26 am PST by Tim Hardwick
The British Government is reportedly preparing a publicity attack on end-to-end encryption in an effort to mobilize public opinion against the technology by framing it as a child safety issue, with its main aim being to derail Facebook's plan to end-to-end encrypt its Messenger platform. According to Rolling Stone, the Home Office has hired the M&C Saatchi advertising agency to plan the...
Wednesday February 16, 2022 9:47 am PST by Juli Clover
Though Apple last week announced changes to AirTags that will likely help cut down on unwanted tracking, officials are starting to take notice of complaints. New York Attorney General Letitia James today sent out a consumer alert with "safety recommendations" to protect New Yorkers from AirTags (via The Mac Observer).
Across the country, Apple AirTags are being misused to track people and...
Apple is making some major improvements to the Find My app in iOS 15, making it easier to keep track of your Apple devices and AirTags. With the Find My network, Apple says that you can locate devices even after they've been turned off, a feature that's helpful if a missing device is stolen and disabled or if a lost device has a low battery.
It's not clear how this feature works, but it...
Apple has toggled end-to-end encryption for Safari bookmarks in iCloud, further expanding the type of user data that the company fully encrypts, offering the highest level of privacy and data protection.
Spotted on Reddit, an update to Apple's "iCloud security overview" page has indicated that alongside Safari tabs and history, Safari bookmarks are now end-to-end encrypted, meaning no one,...
Accessory maker Targus today announced that its Cypress Hero EcoSmart Backpack with built-in support for Apple's Find My app will be available in spring or summer 2022 for a suggested price of $149.99 in the United States.
The backpack is equipped with a small tracking module that allows the backpack's location to be tracked in the Find My app on the iPhone, iPad, Mac, and Apple Watch...
Wednesday September 15, 2021 9:56 am PDT by Juli Clover
Apple this week continued distributing new firmware for the AirTags that first rolled out in August. There have been several minor releases with different build numbers, and behind the scenes, those tweaks were to meter the number of people who were seeing the AirTag update at one time.
The last version, for example, with a build number of 1A291e changed nothing other than the rate limit on...
YouTuber Unbox Therapy has shared a hands-on look at the iPhone 14 Pro Max using what he claims is a one-to-one replica created by third-party case makers with access to detailed schematics and dimensions for Apple's new upcoming flagship smartphone.
As with the iPhone 13 Pro lineup, in 2022, we are expecting a 6.1-inch iPhone 14 Pro and a 6.7-inch iPhone 14 Pro Max, but this time the Pro...
Apple today released macOS Monterey 12.4, the fourth major update to the macOS Monterey operating system that launched in October 2021. macOS Monterey 12.4 comes over two months after the launch of macOS Monterey 12.3, an update that added Universal Control.
The macOS Monterey 12.4 update can be downloaded on all eligible Macs using the Software Update section of System...
Apple today released iOS 15.5 and iPadOS 15.5, the fifth major updates to the iOS and iPadOS 15 operating systems that were initially released in September 2021. iOS and iPadOS 15.5 come a little over two months after the launch of iOS 15.4 and iPadOS 15.4.
The iOS 15.5 and iPadOS 15.5 updates can be downloaded for free and the software is available on all eligible devices over-the-air in...
iOS 16 will include new ways of interacting with the system and some "fresh Apple apps," Bloomberg's Mark Gurman has said, offering some more detail on what Apple has in store for the upcoming release of iOS and iPadOS set to be announced in a few weeks at WWDC. In the latest edition of his Power On newsletter, Gurman wrote that while iOS 16 is not likely to introduce a major face-lift to...
The Apple Watch Series 8 could feature an all-new design with a flat display, according to the leaker known as "ShrimpApplePro."
In his latest video on the YouTube channel Front Page Tech, Jon Prosser highlighted information from ShrimpApplePro that suggests the Apple Watch Series 8 could feature a flat display in what seems to be a design originally rumored for the Apple Watch Series 7. ...
WhatsApp is working on a new feature that will allow users to "silently" leave group chats hosted by the messaging platform instead of all members of the group being notified when they do.
As it stands, when someone leaves a group chat, WhatsApp announces their exit to the entire group, making the act of leaving very public. It's not possible right now to leave a group quietly, but WhatsApp...
Apple today released tvOS 15.5, the fifth major update to the tvOS operating system that first launched in September 2021. tvOS 15.5 comes more than two months after the release of tvOS 15.4, an update that brought support for captive WiFi networks.
tvOS 15.5 can be downloaded over the air on the Apple TV through the Settings app by going to System > Software Update. Apple...
Apple on May 16 released iOS 15.5 and iPadOS 15.5, bringing improvements for Podcasts and Apple Cash, the ability to see Wi-Fi signal of HomePods, dozens of security fixes, and more.
Top Rated Comments
It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
“IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving.
Next week,
“We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
1) uses forgot password
2) clicks try another device for access code pin
3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin
4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker
5) hacker inlists a millennial to decrypt the puzzle
6) millennial asks for gluten free juice cleanser for payment
7) hacker gets in!
"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!"
:p