Find My Network Exploited to Send Messages

An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher.

apple findmy network feature
Security researcher Fabian Bräunlein has found a way to leverage Apple's ‌Find My‌ network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the data for them.

The ‌Find My‌ network uses the entire base of active iOS devices to act as nodes to transfer location data. Bräunlein explained in an extensive blog post that it is possible to emulate the way in which an AirTag connects to the ‌Find My‌ network and broadcasts its location. The AirTag sends its location via an encrypted broadcast, so when this data is replaced with a message, it is concealed by the broadcast's encryption.

find my network message exploit
Bräunlein's practical demonstration showed how short strings of text could be sent from a microcontroller running custom firmware over the ‌Find My‌ network. The text was received via a custom Mac app to decode and display the uploaded data.

It is not immediately clear if this ‌Find My‌ network exploit could be used maliciously or what useful purposes it may serve. Nonetheless, it seems that it could be difficult for Apple to prevent this unintended use due to the privacy-focused and end-to-end encrypted nature of the system.

For more information, see Bräunlein's full blog post, which explains in detail the entire technical process behind passing arbitrary data through the ‌Find My‌ network.

Related Forum: AirTags

Top Rated Comments

zepfhyr Avatar
18 months ago
The first thought that comes to mind is someone installing a compromised IoT device that gains legitimate access to their network and then uses the Find My network to funnel data out of the network, bypassing any firewall rules that prevent the IoT device from communicating with the Internet at large.

It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
Score: 10 Votes (Like | Disagree)
Unregistered 4U Avatar
18 months ago
Another
“IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving.
Next week,
“We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
Score: 8 Votes (Like | Disagree)
ArtOfWarfare Avatar
18 months ago
This could be used for some kind of Denial of Service Attack, couldn't it?

You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
Score: 8 Votes (Like | Disagree)
no_idea Avatar
18 months ago
Waiting for someone to show a hack that executed the following steps:
1) uses forgot password
2) clicks try another device for access code pin
3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin
4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker
5) hacker inlists a millennial to decrypt the puzzle
6) millennial asks for gluten free juice cleanser for payment
7) hacker gets in!
Score: 7 Votes (Like | Disagree)
TiggrToo Avatar
18 months ago

This could be used for some kind of Denial of Service Attack, couldn't it?

You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
From the source:


With the public key validity check implemented, everything worked flawlessly. While I didn't do extensive performance testing and measurements, here are some estimates:

The sending rate on the microcontroller is currently ~3 bytes/second. Higher speeds could be achieved e.g. simply by caching the encoding results or by encoding one byte per advertisement
In my tests, the receiving rate was limited by slow Mac hardware. Retrieving 16 bytes within one request takes ~5 seconds
The latency is usually between 1 and 60 minutes depending on how many devices are around and other random factors.
Score: 7 Votes (Like | Disagree)
KaliYoni Avatar
18 months ago
Start the countdown...3, 2, 1, GO!

"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!"
:p
Score: 6 Votes (Like | Disagree)

Related Stories

airpods pro find my

New AirPods Pro and AirPods Max Firmware Adds Updated Find My Integration

Tuesday October 5, 2021 1:31 pm PDT by
The new 4A400 AirPods Pro and AirPods Max firmware that was released this afternoon adds expanded Find My integration that Apple first promised as an iOS 15 feature back in June. Images via MacRumors reader SRM1982 With the update, AirPods Pro and AirPods Max are able to take advantage of the Find My network, allowing them to be located through connections with the Apple devices owned by...
AirTag is Linked to Apple ID Feature

Apple Announces AirTag Updates to Address Unwanted Tracking

Thursday February 10, 2022 9:58 am PST by
Apple today announced that it is making some updates to AirTags with the aim of cutting down on unwanted tracking. There are several changes that will be implemented in a multi-phase rollout. In an upcoming software update, Apple plans to implement new privacy warnings that will show up during AirTag setup to thwart malicious use. The warning will make it clear that the AirTag is linked to...
s960 2MS Home Office sign 960x640

UK Government Readies Anti-Encryption Publicity Campaign to 'Keep Children Safe' Online

Monday January 17, 2022 4:26 am PST by
The British Government is reportedly preparing a publicity attack on end-to-end encryption in an effort to mobilize public opinion against the technology by framing it as a child safety issue, with its main aim being to derail Facebook's plan to end-to-end encrypt its Messenger platform. According to Rolling Stone, the Home Office has hired the M&C Saatchi advertising agency to plan the...
airtag in hand

New York Attorney General Issues AirTag Consumer Alert Over Stalking Concerns

Wednesday February 16, 2022 9:47 am PST by
Though Apple last week announced changes to AirTags that will likely help cut down on unwanted tracking, officials are starting to take notice of complaints. New York Attorney General Letitia James today sent out a consumer alert with "safety recommendations" to protect New Yorkers from AirTags (via The Mac Observer). Across the country, Apple AirTags are being misused to track people and...
FindMy Feature

iOS 15 Find My App Lets You Find Devices That Are Turned Off or Erased

Monday June 7, 2021 4:04 pm PDT by
Apple is making some major improvements to the Find My app in iOS 15, making it easier to keep track of your Apple devices and AirTags. With the Find My network, Apple says that you can locate devices even after they've been turned off, a feature that's helpful if a missing device is stolen and disabled or if a lost device has a low battery. It's not clear how this feature works, but it...
apple privacy

Apple Makes iCloud Safari Bookmarks End-To-End Encrypted [Updated]

Monday October 4, 2021 1:28 am PDT by
Apple has toggled end-to-end encryption for Safari bookmarks in iCloud, further expanding the type of user data that the company fully encrypts, offering the highest level of privacy and data protection. Spotted on Reddit, an update to Apple's "iCloud security overview" page has indicated that alongside Safari tabs and history, Safari bookmarks are now end-to-end encrypted, meaning no one,...
targus backpack find my

CES 2022: Targus Debuts Backpack That Supports 'Find My' App Without an AirTag

Monday January 3, 2022 4:30 pm PST by
Accessory maker Targus today announced that its Cypress Hero EcoSmart Backpack with built-in support for Apple's Find My app will be available in spring or summer 2022 for a suggested price of $149.99 in the United States. The backpack is equipped with a small tracking module that allows the backpack's location to be tracked in the Find My app on the iPhone, iPad, Mac, and Apple Watch...
AitTag New Firmware

Apple Makes Latest AirTags Firmware Available to All Users

Wednesday September 15, 2021 9:56 am PDT by
Apple this week continued distributing new firmware for the AirTags that first rolled out in August. There have been several minor releases with different build numbers, and behind the scenes, those tweaks were to meter the number of people who were seeing the AirTag update at one time. The last version, for example, with a build number of 1A291e changed nothing other than the rate limit on...

Popular Stories

apple watch ultra hammer test

YouTuber Tests Apple Watch Ultra Durability With a Hammer: Table Breaks Before the Watch

Sunday September 25, 2022 2:27 pm PDT by
A YouTuber has put Apple's claims for the durability of the Apple Watch Ultra to the test by putting it up against a drop test, a jar of nails, and repeated hits with a hammer to test the sapphire crystal protecting the display. TechRax, a channel popular for testing the durability of products, first tested the Apple Watch Ultra by dropping it from around four feet high. The Apple Watch...
tim cook spring loaded event

Six Major Products to Expect From Apple in 2023

Sunday September 25, 2022 10:57 am PDT by
As we approach the end of a busy product release season for Apple with only new iPads and Macs left to be announced over the next month or so, we're also setting our sights on 2023. Apple is rumored to have several major products in the pipeline for next year, including new Macs, a new HomePod, a VR/AR headset, and so much more. Other than new iPhones and Apple Watches, which are expected...
Tim Cook Apple Event

Gurman: New iPads and Macs May Be Announced Through Press Releases, No October Event

Sunday September 25, 2022 6:50 am PDT by
Apple may decide to release its remaining products for 2022, which include updated iPad Pro, Mac mini, and 14-inch and 16-inch MacBook Pro models, through press releases on its website rather than a digital event, according to Bloomberg's Mark Gurman. In his latest Power On newsletter, Gurman said that Apple is currently "likely to release its remaining 2022 products via press releases,...
AirPods Max 2022 Colors

Ten Things AirPods Pro 2 Tell Us About AirPods Max 2

Saturday September 24, 2022 1:00 am PDT by
Upon the release of the second-generation AirPods Pro, the AirPods Max became the oldest current-generation AirPods product still in Apple's lineup. Introducing several new features like Adaptive Transparency and the H2 chip, the second-generation AirPods Pro may provide some of the best indications yet of what to expect from the second-generation AirPods Max. Almost two years later, rumors...
iPhone 14 Pro Sports Scores Dynamic Island

iPhone 14 Pro Features Live Sports Scores in Dynamic Island on iOS 16.1

Monday September 26, 2022 7:52 am PDT by
Earlier this month, Apple announced that iOS 16.1 will enable a new Live Activities feature that allows iPhone users to stay on top of things that are happening in real time, such as a sports game or a food delivery order, right from the Lock Screen. On the iPhone 14 Pro and Pro Max, Live Activities also integrate with the Dynamic Island. Premier League match in Dynamic Island via Paul Bradford ...
General iOS 16 Feature Yellow

Some iOS 16 Users Continue to Face Unaddressed Bugs and Battery Drain Two Weeks After Launch

Monday September 26, 2022 7:34 am PDT by
Today marks exactly two weeks since Apple released iOS 16 to the public. Besides the personalized Lock Screen, major changes in Messages, and new features in Maps, the update has also seen its fair share of bugs, performance problems, battery drain, and more. After major iOS updates, it's normal for some users to report having issues with the new update, but such reports usually subside in...
iPhone 14 Pros in Hand Black Background Feature

Verizon iPhone 14 Pro Customers Reporting Cellular Connection Issues

Monday September 26, 2022 6:23 am PDT by
iPhone 14 Pro customers on the Verizon network in the U.S. are reporting issues with slow and unreliable 5G cellular connections and calls randomly dropping. Several threads on Reddit (1,2,3) and the MacRumors forums chronicle issues faced by Verizon customers and Apple's latest iPhone. According to user reports, signal strength on the iPhone 14 Pro is unreliable and weak, while other...
iphone 14 pro max deep purple

iPhone 15 'Ultra' Could Replace Pro Max Model Next Year

Sunday September 25, 2022 7:02 am PDT by
Apple is gearing up to possibly replace its "Pro Max" iPhone with an all-new "Ultra" iPhone 15 model next year, reliable Bloomberg journalist Mark Gurman said today. Writing in his latest Power On newsletter, Gurman said that for the iPhone 15, Apple is planning a revamped design alongside USB-C and a potential name change. Apple could replace its "Pro Max" branding, which it started to use...
apple watch ultra deuglify 1

Apple Watch Ultra User Mods Titanium Casing to 'Deuglify' Design

Tuesday September 27, 2022 8:05 am PDT by
An Apple Watch Ultra user has modified their new device's casing to add a brushed finish and remove the orange color of the Action Button in an effort to make it more visually appealing. The Apple Watch Ultra offers the first complete redesign of the Apple Watch since the product line's announcement in 2014, and while the design has been met with praise from many users, some have criticized...