Apple's Find My Network Exploit Lets Hackers Silently Track Any Bluetooth Device

Researchers at George Mason University discovered a vulnerability in Apple's Find My network that allows hackers to silently track any Bluetooth device as if it were an AirTag, without the owner's knowledge. 9to5Mac reports: Although AirTag was designed to change its Bluetooth address based on a cryptographic key, the attackers developed a system that could quickly find keys for Bluetooth addresses. This was made possible by using "hundreds" of GPUs to find a key match. The exploit called "nRootTag" has a frightening success rate of 90% and doesn't require "sophisticated administrator privilege escalation."

In one of the experiments, the researchers were able to track the location of a computer with an accuracy of 10 feet, which allowed them to trace a bicycle moving through the city. In another experiment, they reconstructed a person's flight path by tracking their game console. "While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this," said one of the researchers. Apple has acknowledged the George Mason researchers for discovering a Bluetooth exploit in its Find My network but has yet to issue a fix. "For now, they advise users to never allow unnecessary access to the device's Bluetooth when requested by apps, and of course, always keep their device's software updated," reports 9to5Mac.

Turn off your Bluetooth

[DrMrLordX]

Might suck for people actually using it for something like earbuds but turn off your Bluetooth on everything.

I needed another reason

[Slashythenkilly]

So pathetic that Apple wont open up its network to help you find lost or stolen equipment but theives can. Its all about future sales, not thd customer's security or safety.

Re:

[angel'o'sphere]

What is that supposed to mean?
Obviously you can search for your lost items your self.
That is the whole point of it!

Re:

[Mushur]

You misunderstand what he is saying (BTW, "yourself" is 1 word).

The article states that *any* bluetooth item can be tracked using their network, by pretending to be an Airtag.
While Apple obviously only has functionality to track Airtags, not any bluetooth item.
Therefore, malcreants have more power & functionality than actual users.

sounds useful!

[Gravis Zero]

Apple's Find My Network Exploit...

I would pay top dollar for that product. Of course it's an Apple product so I would be paying top dollar for that product. ;)

How surprising!

[Teun]

Not really surprising.

Nobody is hacking smart locks

[Powercntrl]

"While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this," said one of the researchers.

It's amazing how many otherwise intelligent people immediately assume the "smart" aspect of a smart lock is the weakest link in the security. Most smart locks still have a physical keyway as a backup, and those can be easily defeated with a bump key [youtube.com].

Of course, the reason we can get away with having such abysmally bad security on homes is that burglarizing a residence is very high risk, low reward crime.

Exploitability?

[cmseagle]

The exploit called "nRootTag" has a frightening success rate of 90% and doesn't require "sophisticated administrator privilege escalation."

I suppose we won't know more until the researchers present their findings in August, but if not "admin privilege escalation" on the device you're trying to track, what does it require? Presumably the installation of some kind of malware that can access the Bluetooth stack and make it communicate with Apple devices as if it were an Airtag.

This seems bad, but I read it as far from the nightmare scenario of being able to sniff an identifier of a Bluetooth device and then track it on an ongoing basis through Find My.