An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher.
Security researcher Fabian Bräunlein has found a way to leverage Apple's Find My network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the data for them.
The Find My network uses the entire base of active iOS devices to act as nodes to transfer location data. Bräunlein explained in an extensive blog post that it is possible to emulate the way in which an AirTag connects to the Find My network and broadcasts its location. The AirTag sends its location via an encrypted broadcast, so when this data is replaced with a message, it is concealed by the broadcast's encryption.
Bräunlein's practical demonstration showed how short strings of text could be sent from a microcontroller running custom firmware over the Find My network. The text was received via a custom Mac app to decode and display the uploaded data.
It is not immediately clear if this Find My network exploit could be used maliciously or what useful purposes it may serve. Nonetheless, it seems that it could be difficult for Apple to prevent this unintended use due to the privacy-focused and end-to-end encrypted nature of the system.
For more information, see Bräunlein's full blog post, which explains in detail the entire technical process behind passing arbitrary data through the Find My network.
The first thought that comes to mind is someone installing a compromised IoT device that gains legitimate access to their network and then uses the Find My network to funnel data out of the network, bypassing any firewall rules that prevent the IoT device from communicating with the Internet at large.
It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
Another “IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving. Next week, “We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
This could be used for some kind of Denial of Service Attack, couldn't it?
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
Waiting for someone to show a hack that executed the following steps: 1) uses forgot password 2) clicks try another device for access code pin 3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin 4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker 5) hacker inlists a millennial to decrypt the puzzle 6) millennial asks for gluten free juice cleanser for payment 7) hacker gets in!
This could be used for some kind of Denial of Service Attack, couldn't it?
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
From the source:
With the public key validity check implemented, everything worked flawlessly. While I didn't do extensive performance testing and measurements, here are some estimates:
The sending rate on the microcontroller is currently ~3 bytes/second. Higher speeds could be achieved e.g. simply by caching the encoding results or by encoding one byte per advertisement In my tests, the receiving rate was limited by slow Mac hardware. Retrieving 16 bytes within one request takes ~5 seconds The latency is usually between 1 and 60 minutes depending on how many devices are around and other random factors.
"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!" :p
Following the announcement of AirTags this week, Apple's VP of worldwide iPhone product marketing, Kaiann Drance, and Apple's senior director of sensing and connectivity, Ron Huang, spoke with Fast Company about the Tile-like tracker and its design and privacy.
Speaking about the design of AirTag, Drance says Apple wanted to create a simple yet unique design for the tracker, keeping in mind...
Tuesday April 20, 2021 10:10 am PDT by Tim Hardwick
Apple today announced AirTag, a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.
AirTags are accessories for attaching to backpacks, luggage, and other items. Any U1 device like the iPhone 12 can be used for precision finding to guide you right to the item you're looking...
Samsung will release the Galaxy SmartTag Plus on April 16 for $39.99, becoming the first mainstream item tracker with support for ultra-wideband technology, The Verge reports.
In January, Samsung announced the "Galaxy SmartTag," a small squircle-shaped device that can be used to track and locate items such as keys, bags, and more. Samsung announced two versions of the SmartTag, one that uses ...
A frustrated AirTag owner has inadvertently discovered the existence of a hidden "developer mode" in the on-screen interface that Find My displays when the Precision Finding feature is activated to help locate one of Apple's item trackers. Precision Finding is a feature that provides users with specific on-screen directions for finding a nearby AirTag. iPhones with a U1 chip, which includes ...
Apple's new AirTag item trackers are ideal for attaching to things like bags and luggage cases, which makes it likely they'll become popular with travelers and backpackers who want to keep tabs on their personal possessions abroad. For this reason, it's worth remembering which AirTag features work wherever you are, which ones depend on you being nearby the AirTag, and which functions aren't...
Apple is enhancing AirTags security to prevent stalking using the Bluetooth devices, Apple told CNET today. Apple is already sending out over-the-air updates to AirTags that will shorten the amount of time before an unknown AirTag alerts you if it is in your possession.
At the current time, AirTags play a sound after three days of being away from their owner. After the update, AirTags will...
Thursday March 4, 2021 12:13 pm PST by Juli Clover
Ahead of the debut of AirTags and support for locating third-party Bluetooth items through Find My in iOS 14.5, a team of security researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt in Germany has reverse engineered the Find My protocol and developed an app that's designed to let anyone create an "AirTag" based on a Bluetooth-capable device.
Called...
Tuesday April 20, 2021 12:11 pm PDT by Juli Clover
Apple's long-awaited AirTag was finally unveiled today, and as expected, the small circle-shaped accessories can be attached to items like wallets, keys, and more to allow them to be tracked in the Find My app.
As was rumored ahead of release, each AirTag is equipped with a U1 chip, and on devices that also have U1 chips, there's a Precision Finding feature.
U1 Ultra Wideband chips are...
Tesla CEO Elon Musk has encouraged customers to buy the "Cyberwhistle" for $50 instead of Apple's much-discussed Polishing Cloth.
The product page, which Musk shared on Twitter on Tuesday evening, offers a limited edition stainless steel whistle with the same distinctive design of the Tesla Cybertruck:Inspired by Cybertruck, the limited-edition Cyberwhistle is a premium collectible made from ...
Tuesday November 30, 2021 8:08 am PST by Joe Rossignol
Apple plans to release a third-generation iPhone SE in the first quarter of 2022, according to Taiwanese research firm TrendForce. If this timeframe proves to be accurate, we can expect the device to be released by the end of March.
As previously rumored, TrendForce said the new iPhone SE will remain a mid-range smartphone with added support for 5G:In terms of product development, Apple is...
Tuesday November 30, 2021 1:51 pm PST by Juli Clover
In 2022, Apple is going to release an updated version of the MacBook Air with some of the biggest design changes that we've seen since 2010, when Apple introduced the 11 and 13-inch size options. In the video below, we highlight five features that you need to know about the new machine.
Subscribe to the MacRumors YouTube channel for more videos. No More Wedge Design - Current MacBook...
We've been tracking Apple product and accessory deals for Cyber Monday 2021 today, and now Woot is offering a solid discount on the previous generation 32GB Apple TV 4K. You can get this device in new condition for just $99.99 if you're an Amazon Prime member. Note that this sale will last for one day only.
Note: MacRumors is an affiliate partner with some of these vendors. When you click a...
Thursday December 2, 2021 12:05 am PST by Juli Clover
Along with naming its editorial picks for the top apps and games of 2021, Apple today shared charts for the most downloaded free and paid apps and games in the United States across 2021.
The number one most downloaded free iPhone app was TikTok, followed by YouTube, Instagram, Snapchat, and Facebook. The top paid iPhone apps included Procreate Pocket, HotSchedules, The Wonder Weeks, and Touch...
Monday November 29, 2021 7:38 am PST by Sami Fathi
In association with CIT as the financing partner, Apple has launched a new Mac Upgrade Program for small businesses and Apple business partners that allow companies to easily distribute and upgrade their fleets of MacBooks at an affordable price to all of their workers.
As outlined on CIT's website, shared by Max Weinbach, Apple Business Partners can distribute the 13-inch MacBook Pro,...
Images of transparent prototype AirPods and a 29W Apple power adapter have been shared on Twitter by Apple device collector Giulio Zompetti.
The prototypes, which appear to be either first-generation or second-generation AirPods, feature clear plastic along the stem and around the outer side of the earbud, with the normal white plastic on the inner side of the earbud. Transparent casings are ...
Apple is planning to replace the iPhone with an augmented reality (AR) headset in 10 years, a process that is apparently due to start as soon as next year with the launch of a head-mounted device, according to a recent report.
Concept render of Apple's rumored AR headset by Antonio De Rosa In a note to investors seen by MacRumors, eminent analyst Ming-Chi Kuo explained that "Apple's goal is...
Top Rated Comments
It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
“IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving.
Next week,
“We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
1) uses forgot password
2) clicks try another device for access code pin
3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin
4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker
5) hacker inlists a millennial to decrypt the puzzle
6) millennial asks for gluten free juice cleanser for payment
7) hacker gets in!
"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!"
:p