Find My Network Exploited to Send Messages

An exploit allows messages and additional data to be sent across Apple's Find My network, according to the findings of a security researcher.

apple findmy network feature
Security researcher Fabian Bräunlein has found a way to leverage Apple's ‌Find My‌ network to function as a generic data transfer mechanism, allowing non-internet-connected devices to upload arbitrary data by using nearby Apple devices to upload the data for them.

The ‌Find My‌ network uses the entire base of active iOS devices to act as nodes to transfer location data. Bräunlein explained in an extensive blog post that it is possible to emulate the way in which an AirTag connects to the ‌Find My‌ network and broadcasts its location. The AirTag sends its location via an encrypted broadcast, so when this data is replaced with a message, it is concealed by the broadcast's encryption.

find my network message exploit
Bräunlein's practical demonstration showed how short strings of text could be sent from a microcontroller running custom firmware over the ‌Find My‌ network. The text was received via a custom Mac app to decode and display the uploaded data.

It is not immediately clear if this ‌Find My‌ network exploit could be used maliciously or what useful purposes it may serve. Nonetheless, it seems that it could be difficult for Apple to prevent this unintended use due to the privacy-focused and end-to-end encrypted nature of the system.

For more information, see Bräunlein's full blog post, which explains in detail the entire technical process behind passing arbitrary data through the ‌Find My‌ network.

Related Forum: AirTags

Top Rated Comments

zepfhyr Avatar
17 months ago
The first thought that comes to mind is someone installing a compromised IoT device that gains legitimate access to their network and then uses the Find My network to funnel data out of the network, bypassing any firewall rules that prevent the IoT device from communicating with the Internet at large.

It's the type of thing you'd see in a heist or spy movie to try and snag someone's password.
Score: 10 Votes (Like | Disagree)
Unregistered 4U Avatar
17 months ago
Another
“IF YOU SET EVERYTHING UP JUUUUUUUUUST RIGHT, YOU CAN DO A THING!” from a security researcher. AirTags is the security gift that keeps on giving.
Next week,
“We’ve been able to determine that if you accelerate an AirTag at just the right speed towards a target that’s not trying to dodge and is totally aware and ok that you’re throwing it (though accelerate sounds cooler) YOU MAY BE ABLE TO HIT THEM!”
Score: 8 Votes (Like | Disagree)
ArtOfWarfare Avatar
17 months ago
This could be used for some kind of Denial of Service Attack, couldn't it?

You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
Score: 8 Votes (Like | Disagree)
no_idea Avatar
17 months ago
Waiting for someone to show a hack that executed the following steps:
1) uses forgot password
2) clicks try another device for access code pin
3) has a hamster run in a wheel to disrupt radio waves transmitting the secret pin
4) said wheel traps the secret pin and translated via a sudoku puzzle to the hacker
5) hacker inlists a millennial to decrypt the puzzle
6) millennial asks for gluten free juice cleanser for payment
7) hacker gets in!
Score: 7 Votes (Like | Disagree)
TiggrToo Avatar
17 months ago

This could be used for some kind of Denial of Service Attack, couldn't it?

You set up a server that's just spamming the Find My network, then all the Apple devices are constantly bouncing these spam messages around. They may end up drowning out legitimate Find My network messages.
From the source:


With the public key validity check implemented, everything worked flawlessly. While I didn't do extensive performance testing and measurements, here are some estimates:

The sending rate on the microcontroller is currently ~3 bytes/second. Higher speeds could be achieved e.g. simply by caching the encoding results or by encoding one byte per advertisement
In my tests, the receiving rate was limited by slow Mac hardware. Retrieving 16 bytes within one request takes ~5 seconds
The latency is usually between 1 and 60 minutes depending on how many devices are around and other random factors.
Score: 7 Votes (Like | Disagree)
KaliYoni Avatar
17 months ago
Start the countdown...3, 2, 1, GO!

"Why is this stupid researcher attacking AirTags? Apple should get credit for making another perfect and visionary product! Nobody ever talks about how awful Tile trackers are!!!"
:p
Score: 6 Votes (Like | Disagree)

Related Stories

airpods pro find my

New AirPods Pro and AirPods Max Firmware Adds Updated Find My Integration

Tuesday October 5, 2021 1:31 pm PDT by
The new 4A400 AirPods Pro and AirPods Max firmware that was released this afternoon adds expanded Find My integration that Apple first promised as an iOS 15 feature back in June. Images via MacRumors reader SRM1982 With the update, AirPods Pro and AirPods Max are able to take advantage of the Find My network, allowing them to be located through connections with the Apple devices owned by...
AirTag is Linked to Apple ID Feature

Apple Announces AirTag Updates to Address Unwanted Tracking

Thursday February 10, 2022 9:58 am PST by
Apple today announced that it is making some updates to AirTags with the aim of cutting down on unwanted tracking. There are several changes that will be implemented in a multi-phase rollout. In an upcoming software update, Apple plans to implement new privacy warnings that will show up during AirTag setup to thwart malicious use. The warning will make it clear that the AirTag is linked to...
s960 2MS Home Office sign 960x640

UK Government Readies Anti-Encryption Publicity Campaign to 'Keep Children Safe' Online

Monday January 17, 2022 4:26 am PST by
The British Government is reportedly preparing a publicity attack on end-to-end encryption in an effort to mobilize public opinion against the technology by framing it as a child safety issue, with its main aim being to derail Facebook's plan to end-to-end encrypt its Messenger platform. According to Rolling Stone, the Home Office has hired the M&C Saatchi advertising agency to plan the...
airtag in hand

New York Attorney General Issues AirTag Consumer Alert Over Stalking Concerns

Wednesday February 16, 2022 9:47 am PST by
Though Apple last week announced changes to AirTags that will likely help cut down on unwanted tracking, officials are starting to take notice of complaints. New York Attorney General Letitia James today sent out a consumer alert with "safety recommendations" to protect New Yorkers from AirTags (via The Mac Observer). Across the country, Apple AirTags are being misused to track people and...
FindMy Feature

iOS 15 Find My App Lets You Find Devices That Are Turned Off or Erased

Monday June 7, 2021 4:04 pm PDT by
Apple is making some major improvements to the Find My app in iOS 15, making it easier to keep track of your Apple devices and AirTags. With the Find My network, Apple says that you can locate devices even after they've been turned off, a feature that's helpful if a missing device is stolen and disabled or if a lost device has a low battery. It's not clear how this feature works, but it...
apple privacy

Apple Makes iCloud Safari Bookmarks End-To-End Encrypted [Updated]

Monday October 4, 2021 1:28 am PDT by
Apple has toggled end-to-end encryption for Safari bookmarks in iCloud, further expanding the type of user data that the company fully encrypts, offering the highest level of privacy and data protection. Spotted on Reddit, an update to Apple's "iCloud security overview" page has indicated that alongside Safari tabs and history, Safari bookmarks are now end-to-end encrypted, meaning no one,...
targus backpack find my

CES 2022: Targus Debuts Backpack That Supports 'Find My' App Without an AirTag

Monday January 3, 2022 4:30 pm PST by
Accessory maker Targus today announced that its Cypress Hero EcoSmart Backpack with built-in support for Apple's Find My app will be available in spring or summer 2022 for a suggested price of $149.99 in the United States. The backpack is equipped with a small tracking module that allows the backpack's location to be tracked in the Find My app on the iPhone, iPad, Mac, and Apple Watch...
AitTag New Firmware

Apple Makes Latest AirTags Firmware Available to All Users

Wednesday September 15, 2021 9:56 am PDT by
Apple this week continued distributing new firmware for the AirTags that first rolled out in August. There have been several minor releases with different build numbers, and behind the scenes, those tweaks were to meter the number of people who were seeing the AirTag update at one time. The last version, for example, with a build number of 1A291e changed nothing other than the rate limit on...

Popular Stories

airpods pro black background

AirPods Pro 2: Five New Features and Improvements to Expect

Sunday August 14, 2022 3:28 pm PDT by
Apple's second-generation AirPods Pro are finally nearing launch, with a release expected later this year. If you are considering upgrading to the new AirPods Pro once they are released, keep reading for a list of five new features to expect. In addition to all-new features, the second-generation AirPods Pro will likely adopt some features added to the standard AirPods last year. H2 Chip ...
10th Generation iPad Render

10th-Generation iPad With Major Design Changes Reportedly in Production Ahead of September Launch

Monday August 15, 2022 8:02 pm PDT by
Apple's rumored 10th-generation iPad is currently in production and will feature "major" design changes, according to a report from Taiwanese website DigiTimes. A mockup of the potential 10th-generation iPad design by Renders By Shailesh The report did not provide any specific details about the 10th-generation iPad's new design, but rumors suggest the device will feature a larger 10.5-inch...
ios 16 lock screen feature2

Apple Seeds Sixth Betas of iOS 16 and iPadOS 16 to Developers [Update: Public Beta Available]

Monday August 15, 2022 10:04 am PDT by
Apple today seeded the sixth betas of upcoming iOS 16 and iPadOS 16 updates to developers for testing purposes, with the updates coming a week after Apple released the fifth developer betas. Registered developers can download the iOS and iPadOS 16 profiles from the Apple Developer Center, and once installed, the betas will be available over the air. iOS 16 introduces a revamped Lock...
iPhone 14 Dummies 1 Feature

Everything Rumored for Apple's September Event: iPhone 14, Apple Watch Pro and More

Friday August 12, 2022 2:34 pm PDT by
There's just about a month to go until Apple holds its annual September event focusing on new iPhone and Apple Watch models. We thought we'd take a quick look at everything that's rumored for Apple's September event to give MacRumors readers a rundown on what to expect when the first fall event rolls around. iPhone 14 The iPhone 14 can probably be described more as an "iPhone 13S" because...
apple watch se

Apple Watch SE vs. Apple Watch Series 8: New Features to Expect If You've Waited to Upgrade

Monday August 15, 2022 2:44 am PDT by
The Apple Watch SE was announced in September 2020 and has been a popular Apple Watch model for customers looking for their first smartwatch or an affordable Apple Watch. Apple Watch SE customers may be wondering, however, what's in store for them with the upcoming Apple Watch Series 8 and what new features they can expect. Continue reading to find out. Apple Watch SE vs. Apple Watch Series ...
Apple Watch Series 3 v 8 1

Apple Watch Series 3 vs. Apple Watch Series 8: 20 Major New Features and Changes for Customers Upgrading

Tuesday August 16, 2022 6:52 am PDT by
It's crazy to think about, but next month will mark five years since Apple announced the Apple Watch Series 3. Despite being a severely antiquated smartwatch, the Series 3 has remained at the bottom of Apple's lineup for $199. Suppose you're still holding on to your Apple Watch Series 3. In that case, this article will list all the major new features and changes you'll get if you decide to...
iPhone 14 Pro Lineup Feature Purple

Apple Planning to Hold iPhone 14 Event on September 7

Wednesday August 17, 2022 9:51 am PDT by
Apple is aiming to hold its first fall event on Wednesday, September 7, reports Bloomberg's Mark Gurman. The event will focus on the iPhone 14 models and the Apple Watch Series 8. The standard iPhone 14 models are expected to get few changes, but the iPhone 14 Pro models will include updated camera technology, the removal of the notch in favor of a pill-shaped and hole-punch cutout, an A16...