Find My exploit turns any device into an AirTag tracker
An exploit in Apple’s Find My network allows hackers to turn any device with Bluetooth, such as a phone or a computer, into an AirTag tracker.
Apple’s crowdsourced network comprises hundreds of millions of Apple devices that use Bluetooth to detect missing devices or compatible Bluetooth trackers in their vicinity. These devices report their approximate location back to Apple’s servers, which then relay the information to the owner.
An exploit called “nRootTag” leverages the underlying Find My network structure to trick the system into believing that a nearby Bluetooth device is actually an AirTag. Nearby devices that can be used for this exploit include smartphones, laptops, headsets and even wireless game controllers and e-bikes!
Find My exploit turns nearby devices into trackers
Researchers notified Apple about the vulnerability in July 2024. The company acknowledged the issue by crediting the George Mason team on its page detailing security patches in iOS 18.2. However, it’s yet to release an official patch or comment on the matter publicly. Apple must patch this vulnerability as soon as possible because attackers are able to run the exploit remotely without any participation from their target or having a victim’s device in physical possession.
AirTag and other Apple devices use a technique called address randomization to change their Bluetooth address frequently based on a cryptographic key, which reduce chances of tracking. The exploit uses hundreds of GPUs (which can be rented inexpensively) to find matching cryptographic keys with an astonishing 90 percent success rate. No administrator privilege is required on a victim’s device to carry out an attack. The exploit can pinpoint a device’s location within minutes.
“While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location,” wrote the researchers. They could pinpoint the location of a stationary computer within 10 feet. In another example, researchers tracked a moving e-bike’s route through a city (reconstructing its exact flight path) and identified the flight number of a gaming console onboard an airplane.
A proper fix may take years to fully roll out
There’s nothing to do at this point until a fix is delivered. It’s recommended that you keep your devices updated to the latest version of the iOS software and be wary of apps requiring Bluetooth permissions for no apparent reason. To revoke Bluetooth access for apps installed on your device, navigate to the Privacy & Security > Bluetooth section in Settings (iPhone, iPad) or System Settings (Mac).
What makes this particularly concerning is that “the vulnerable Find My network will continue to exist” until all owners of Apple devices that are actively in use have installed a future software update from Apple containing a fix.
“We foresee that there will be a noticeable amount of users who postpone or prefer not to update for various reasons and Apple cannot force the update,” they cautioned, adding it “may take years to roll out” a complete fix for the vulnerability.
Source link: https://www.idownloadblog.com/2025/02/27/find-my-exploit-turns-any-bluetooth-device-into-airtag-tracker/
Leave a Reply