Apple's Find My network can be abused to leak secrets to the outside world via passing devices (theregister.com)
Researchers have identified two vulnerabilities in the company’s crowd-sourced Offline Finding technology that could jeopardize its promise of privacy.
Two vulnerabilities in a crowdsourced location-tracking system that helps users find Apple devices even when they’re offline could expose the identity of users, researchers claim.
Offline Finding, a proprietary app introduced by Apple in 2019 for its iOS, macOS and watchOS platforms, enables the location of Apple devices even if they aren’t connected to the internet. While this capability in and of itself is not unique to the company, Apple promised that the technology could conduct its task in a way that preserves user privacy.
Researchers reverse-engineer Find My, detail potential privacy & security issues (appleinsider.com)
A team of security researchers managed to hack Apple's Find My protocol to test its security and privacy, and they've created an open-source app that allows users to create their own "AirTags."
OpenHaystack?
OpenHaystack is an application that allows you to create your own accessories that are tracked by Apple's Find My network. All you need is a Mac and a BBC micro:bit or any other Bluetooth-capable device.
By using the app, you can track your accessories anywhere on earth without cellular coverage. Nearby iPhones will discover your accessories and upload their location to Apple's servers when they have a network connection.
History
Find My network (or offline finding). We at the Secure Mobile Networking Lab of TU Darmstadt started analyzing offline finding after its initial announcement in June 2019. We identified how Apple devices can be found by iPhones, even when they are offline through this work. The whole system is a clever combination of Bluetooth advertisements, public-key cryptography, and a central database of encrypted location reports. We disclosed a specification of the closed parts of offline finding and conducted a comprehensive security and p