An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher.
Security researcher Fabian Bräunlein has found a way to leverage Apple's Find My network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the data for them.
The Find My network uses the entire base of active iOS devices to act as nodes to transfer location data. Bräunlein explained in an extensive blog post that it is possible to emulate the way in which an AirTag connects to the Find My network and broadcasts its location. The AirTag sends its location via an encrypted broadcast, so when this data is replaced with a message, it is concealed by the broadcast's encryption.
Bräunlein's practical demonstration showed how short strings of text could be sent from a microcontroller running custom firmware over the Find My network. The text was received via a custom Mac app to decode and display the uploaded data.
It is not immediately clear if this Find My network exploit could be used maliciously or what useful purposes it may serve. Nonetheless, it seems that it could be difficult for Apple to prevent this unintended use due to the privacy-focused and end-to-end encrypted nature of the system.
For more information, see Bräunlein's full blog post, which explains in detail the entire technical process behind passing arbitrary data through the Find My network.
The first thought that comes to mind is someone installing a compromised IoT device that gains legitimate access to their network and then uses the Find My network to funnel data out of the network, bypassing any firewall rules that prevent the IoT device from communicating with the Internet at large.
It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
Another “IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving. Next week, “We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
This could be used for some kind of Denial of Service Attack, couldn't it?
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
Waiting for someone to show a hack that executed the following steps: 1) uses forgot password 2) clicks try another device for access code pin 3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin 4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker 5) hacker inlists a millennial to decrypt the puzzle 6) millennial asks for gluten free juice cleanser for payment 7) hacker gets in!
This could be used for some kind of Denial of Service Attack, couldn't it?
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
From the source:
With the public key validity check implemented, everything worked flawlessly. While I didn't do extensive performance testing and measurements, here are some estimates:
The sending rate on the microcontroller is currently ~3 bytes/second. Higher speeds could be achieved e.g. simply by caching the encoding results or by encoding one byte per advertisement In my tests, the receiving rate was limited by slow Mac hardware. Retrieving 16 bytes within one request takes ~5 seconds The latency is usually between 1 and 60 minutes depending on how many devices are around and other random factors.
"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!" :p
Tuesday October 5, 2021 1:31 pm PDT by Juli Clover
The new 4A400 AirPods Pro and AirPods Max firmware that was released this afternoon adds expanded Find My integration that Apple first promised as an iOS 15 feature back in June. Images via MacRumors reader SRM1982 With the update, AirPods Pro and AirPods Max are able to take advantage of the Find My network, allowing them to be located through connections with the Apple devices owned by...
Thursday February 10, 2022 9:58 am PST by Juli Clover
Apple today announced that it is making some updates to AirTags with the aim of cutting down on unwanted tracking. There are several changes that will be implemented in a multi-phase rollout.
In an upcoming software update, Apple plans to implement new privacy warnings that will show up during AirTag setup to thwart malicious use. The warning will make it clear that the AirTag is linked to...
Monday January 17, 2022 4:26 am PST by Tim Hardwick
The British Government is reportedly preparing a publicity attack on end-to-end encryption in an effort to mobilize public opinion against the technology by framing it as a child safety issue, with its main aim being to derail Facebook's plan to end-to-end encrypt its Messenger platform. According to Rolling Stone, the Home Office has hired the M&C Saatchi advertising agency to plan the...
Wednesday February 16, 2022 9:47 am PST by Juli Clover
Though Apple last week announced changes to AirTags that will likely help cut down on unwanted tracking, officials are starting to take notice of complaints. New York Attorney General Letitia James today sent out a consumer alert with "safety recommendations" to protect New Yorkers from AirTags (via The Mac Observer).
Across the country, Apple AirTags are being misused to track people and...
Apple is making some major improvements to the Find My app in iOS 15, making it easier to keep track of your Apple devices and AirTags. With the Find My network, Apple says that you can locate devices even after they've been turned off, a feature that's helpful if a missing device is stolen and disabled or if a lost device has a low battery.
It's not clear how this feature works, but it...
Apple has toggled end-to-end encryption for Safari bookmarks in iCloud, further expanding the type of user data that the company fully encrypts, offering the highest level of privacy and data protection.
Spotted on Reddit, an update to Apple's "iCloud security overview" page has indicated that alongside Safari tabs and history, Safari bookmarks are now end-to-end encrypted, meaning no one,...
Accessory maker Targus today announced that its Cypress Hero EcoSmart Backpack with built-in support for Apple's Find My app will be available in spring or summer 2022 for a suggested price of $149.99 in the United States.
The backpack is equipped with a small tracking module that allows the backpack's location to be tracked in the Find My app on the iPhone, iPad, Mac, and Apple Watch...
Wednesday September 15, 2021 9:56 am PDT by Juli Clover
Apple this week continued distributing new firmware for the AirTags that first rolled out in August. There have been several minor releases with different build numbers, and behind the scenes, those tweaks were to meter the number of people who were seeing the AirTag update at one time.
The last version, for example, with a build number of 1A291e changed nothing other than the rate limit on...
Apple's second-generation AirPods Pro are finally nearing launch, with a release expected later this year. If you are considering upgrading to the new AirPods Pro once they are released, keep reading for a list of five new features to expect.
In addition to all-new features, the second-generation AirPods Pro will likely adopt some features added to the standard AirPods last year.
H2 Chip
...
Apple's rumored 10th-generation iPad is currently in production and will feature "major" design changes, according to a report from Taiwanese website DigiTimes.
A mockup of the potential 10th-generation iPad design by Renders By Shailesh The report did not provide any specific details about the 10th-generation iPad's new design, but rumors suggest the device will feature a larger 10.5-inch...
Monday August 15, 2022 10:04 am PDT by Juli Clover
Apple today seeded the sixth betas of upcoming iOS 16 and iPadOS 16 updates to developers for testing purposes, with the updates coming a week after Apple released the fifth developer betas.
Registered developers can download the iOS and iPadOS 16 profiles from the Apple Developer Center, and once installed, the betas will be available over the air.
iOS 16 introduces a revamped Lock...
There's just about a month to go until Apple holds its annual September event focusing on new iPhone and Apple Watch models. We thought we'd take a quick look at everything that's rumored for Apple's September event to give MacRumors readers a rundown on what to expect when the first fall event rolls around.
iPhone 14
The iPhone 14 can probably be described more as an "iPhone 13S" because...
The Apple Watch SE was announced in September 2020 and has been a popular Apple Watch model for customers looking for their first smartwatch or an affordable Apple Watch. Apple Watch SE customers may be wondering, however, what's in store for them with the upcoming Apple Watch Series 8 and what new features they can expect. Continue reading to find out. Apple Watch SE vs. Apple Watch Series ...
It's crazy to think about, but next month will mark five years since Apple announced the Apple Watch Series 3. Despite being a severely antiquated smartwatch, the Series 3 has remained at the bottom of Apple's lineup for $199.
Suppose you're still holding on to your Apple Watch Series 3. In that case, this article will list all the major new features and changes you'll get if you decide to...
Wednesday August 17, 2022 9:51 am PDT by Juli Clover
Apple is aiming to hold its first fall event on Wednesday, September 7, reports Bloomberg's Mark Gurman. The event will focus on the iPhone 14 models and the Apple Watch Series 8.
The standard iPhone 14 models are expected to get few changes, but the iPhone 14 Pro models will include updated camera technology, the removal of the notch in favor of a pill-shaped and hole-punch cutout, an A16...
Top Rated Comments
It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
“IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving.
Next week,
“We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
1) uses forgot password
2) clicks try another device for access code pin
3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin
4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker
5) hacker inlists a millennial to decrypt the puzzle
6) millennial asks for gluten free juice cleanser for payment
7) hacker gets in!
"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!"
:p