Apple’s widely-used “Find My” tracking network, originally intended for locating lost items with AirTags, has recently come under scrutiny due to its potential to leak sensitive information.

As first reported by Heise, security expert Fabian Bräunlein has demonstrated that the network can be exploited to transmit data, such as passwords, bypassing local security measures.

Traditional keyloggers can often be detected, whereas Bräunlein’s method is more covert. By utilizing Bluetooth low-energy packets with limited range, similar to the Bluetooth advertisements sent by AirTags, the keylogger’s activities become barely detectable. Bräunlein’s approach leverages unsuspecting Apple devices, including those of unrelated bystanders, to covertly upload the captured data from the keylogger.

Ironically, the vulnerability of the “Find My” network stems from Apple’s own stringent data protection measures. While the encryption used ensures that Apple’s devices and the company itself cannot trace the origin of Bluetooth packets, it also allows attackers to embed their desired data within the location reports’ hash. Although Apple can detect and counter unusual activities, completely blocking these attacks is challenging due to the inherent architecture of the tracking network.

One potential solution for high-security zones could involve personnel either surrendering or disabling tracking functions on their Apple devices. Additionally, users can mitigate risks by turning off the “Find My” feature in device settings.

As of the report's publication, Apple has yet to respond with an official statement regarding this vulnerability.
