An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher.
Security researcher Fabian Bräunlein has found a way to leverage Apple's Find My network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the data for them.
The Find My network uses the entire base of active iOS devices to act as nodes to transfer location data. Bräunlein explained in an extensive blog post that it is possible to emulate the way in which an AirTag connects to the Find My network and broadcasts its location. The AirTag sends its location via an encrypted broadcast, so when this data is replaced with a message, it is concealed by the broadcast's encryption.
Bräunlein's practical demonstration showed how short strings of text could be sent from a microcontroller running custom firmware over the Find My network. The text was received via a custom Mac app to decode and display the uploaded data.
It is not immediately clear if this Find My network exploit could be used maliciously or what useful purposes it may serve. Nonetheless, it seems that it could be difficult for Apple to prevent this unintended use due to the privacy-focused and end-to-end encrypted nature of the system.
For more information, see Bräunlein's full blog post, which explains in detail the entire technical process behind passing arbitrary data through the Find My network.
The first thought that comes to mind is someone installing a compromised IoT device that gains legitimate access to their network and then uses the Find My network to funnel data out of the network, bypassing any firewall rules that prevent the IoT device from communicating with the Internet at large.
It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
Another “IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving. Next week, “We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
This could be used for some kind of Denial of Service Attack, couldn't it?
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
Waiting for someone to show a hack that executed the following steps: 1) uses forgot password 2) clicks try another device for access code pin 3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin 4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker 5) hacker inlists a millennial to decrypt the puzzle 6) millennial asks for gluten free juice cleanser for payment 7) hacker gets in!
This could be used for some kind of Denial of Service Attack, couldn't it?
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
From the source:
With the public key validity check implemented, everything worked flawlessly. While I didn't do extensive performance testing and measurements, here are some estimates:
The sending rate on the microcontroller is currently ~3 bytes/second. Higher speeds could be achieved e.g. simply by caching the encoding results or by encoding one byte per advertisement In my tests, the receiving rate was limited by slow Mac hardware. Retrieving 16 bytes within one request takes ~5 seconds The latency is usually between 1 and 60 minutes depending on how many devices are around and other random factors.
"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!" :p
Following the announcement of AirTags this week, Apple's VP of worldwide iPhone product marketing, Kaiann Drance, and Apple's senior director of sensing and connectivity, Ron Huang, spoke with Fast Company about the Tile-like tracker and its design and privacy.
Speaking about the design of AirTag, Drance says Apple wanted to create a simple yet unique design for the tracker, keeping in mind...
Tuesday April 20, 2021 10:10 am PDT by Tim Hardwick
Apple today announced AirTag, a Tile-like Bluetooth tracking device that's designed to be attached to items like keys and wallets for tracking purposes, letting you find them right in the Find My app.
AirTags are accessories for attaching to backpacks, luggage, and other items. Any U1 device like the iPhone 12 can be used for precision finding to guide you right to the item you're looking...
Samsung will release the Galaxy SmartTag Plus on April 16 for $39.99, becoming the first mainstream item tracker with support for ultra-wideband technology, The Verge reports.
In January, Samsung announced the "Galaxy SmartTag," a small squircle-shaped device that can be used to track and locate items such as keys, bags, and more. Samsung announced two versions of the SmartTag, one that uses ...
A frustrated AirTag owner has inadvertently discovered the existence of a hidden "developer mode" in the on-screen interface that Find My displays when the Precision Finding feature is activated to help locate one of Apple's item trackers. Precision Finding is a feature that provides users with specific on-screen directions for finding a nearby AirTag. iPhones with a U1 chip, which includes ...
Apple's new AirTag item trackers are ideal for attaching to things like bags and luggage cases, which makes it likely they'll become popular with travelers and backpackers who want to keep tabs on their personal possessions abroad. For this reason, it's worth remembering which AirTag features work wherever you are, which ones depend on you being nearby the AirTag, and which functions aren't...
Apple is enhancing AirTags security to prevent stalking using the Bluetooth devices, Apple told CNET today. Apple is already sending out over-the-air updates to AirTags that will shorten the amount of time before an unknown AirTag alerts you if it is in your possession.
At the current time, AirTags play a sound after three days of being away from their owner. After the update, AirTags will...
Thursday March 4, 2021 12:13 pm PST by Juli Clover
Ahead of the debut of AirTags and support for locating third-party Bluetooth items through Find My in iOS 14.5, a team of security researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt in Germany has reverse engineered the Find My protocol and developed an app that's designed to let anyone create an "AirTag" based on a Bluetooth-capable device.
Called...
Tuesday April 20, 2021 12:11 pm PDT by Juli Clover
Apple's long-awaited AirTag was finally unveiled today, and as expected, the small circle-shaped accessories can be attached to items like wallets, keys, and more to allow them to be tracked in the Find My app.
As was rumored ahead of release, each AirTag is equipped with a U1 chip, and on devices that also have U1 chips, there's a Precision Finding feature.
U1 Ultra Wideband chips are...
Thursday April 29, 2021 5:44 am PDT by Joe Rossignol
AirTag orders are beginning to be marked as "shipped" for more customers on Apple's online store around the world, with most deliveries set to begin arriving to customers on Friday, April 30 launch day. A few lucky customers already received their AirTag orders earlier this week, providing us with a closer look at the unboxing experience.
Priced at $29 each or $99 for a four pack, users can ...
Tuesday April 13, 2021 12:50 pm PDT by Joe Rossignol
Last week, Apple announced the launch of its Find My network accessory program, allowing compatible third-party accessories to be tracked in the Find My app right alongside Apple devices. The first products that work with the Find My app will include the new Chipolo item tracker, new Belkin earbuds, and two electric bikes from VanMoof.
Given that VanMoof is based in the Netherlands, Dutch...
Top Rated Comments
It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
“IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving.
Next week,
“We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
1) uses forgot password
2) clicks try another device for access code pin
3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin
4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker
5) hacker inlists a millennial to decrypt the puzzle
6) millennial asks for gluten free juice cleanser for payment
7) hacker gets in!
"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!"
:p