Apple’s Find My network can be used to track any Bluetooth device, including Android phones | Technology News
Apple’s ‘Find My’ network is handy for locating lost or stolen items like AirPods, iPhones and AirTags, but a new study claims to have uncovered a way for hackers to track the location of nearly any computer or mobile device.
Dubbed ‘nRootTag, the security exploit, discovered by researchers at the George Mason University says the exploit uses a device’s Bluetooth address in combination with Apple’s Find My network to trick the target device into thinking that it is a lost AirTag.
The target device then sends Bluetooth signals over to other nearby devices, which then anonymously relays a trackable location to the owner via Apple Cloud. The study suggests that this method works irrespective of the device, meaning it affects almost all desktops, smartphones and IoT devices.
In an experiment, the researchers say they were able to accurately pinpoint a stationary computer’s location to a radius of within 10 feet, track a moving e-bike’s route through a city, and were able to retrace the exact flight path and even find the flight number of a gaming console that was onboard the plane.
What makes nRootTag so dangerous?
“While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this,” says Qiand Zend, an associate professor in the Department of Computer Science at George Mason University.
Apple says that its Find My network is end-to-end encrypted, meaning even it does not know the exact location of the devices. To get around this limitation, researchers say instead of modifying the Bluetooth address, they worked on finding a key that was compatible with the Bluetooth address.
What makes this particularly alarming is that the security exploit boasts an impressive 90% success rate, allowing devices to be tracked within minutes. Even more concerning, it doesn’t require elevated privileges, meaning anyone with the right knowledge can turn this useful feature into a potential threat.
Story continues below this ad
The research also raises concerns about privacy, as threat actors can use this exploit for stalking, harassing and threatening people. The findings of the study have been already shared with Apple, but researchers say it might take a few years for Apple to fix it.
Researchers say they shared the problem with Apple last year and that the tech giant has already acknowledged it, but the company is yet to disclose on how it plans to fix the exploit.
In the meantime, users are advised to be wary of apps that ask for Bluetooth permissions and keep their device up-to-date.
© IE Online Media Services Pvt Ltd
