The Find My network is used by Apple to report locations of items and devices via the data connection of any nearby iPhone, Mac, or other Apple device. Security researcher Fabian Bräunlein has today released a blog post demonstrating how the Find My network can be exploited as a generic data transfer mechanism.
By faking the way that an AirTag broadcasts its location as an encrypted message, the hack allows packets of arbitrary data to be transmitted over the Find My network, and therefore to consume the data connection of any nearby Apple device with Find My enabled.
We have already seen how an open source project was able to emulate a locatable item before Apple’s AirTags actually shipped. This latest research extends the protocol to transmitting arbitrary data rather than simply mirroring location updates.
Essentially, the hack involves simulating a Find My broadcast. Rather than encrypting a GPS location, arbitrary data is encoded. In the demo, short text strings are sent back over the Find My network to a home Mac.
It’s an interesting proof of concept, although it’s not immediately clear whether the exploit could be used maliciously. Nevertheless, Bräunlein believes the method is hard for Apple to defend against due to the end-to-end encrypted design of the system.
There isn’t much chance of an unscrupulous fake AirTag draining someone’s data cap, as the size of the Find My messages is very small, measured in kilobytes.
Apple’s Find My system uses the entire base of active iOS devices to act as a distributed mesh network, where every Apple user’s device is a node that can report back the locations of AirTags and other Find My accessories. This system has drawn some criticism for being enabled by default (and opting out requires diving into a user’s Settings app), although the actual data transmissions are encrypted and appropriately anonymized.
Amazon has announced a similar initiative as a product this month, Amazon Sidewalk, which will allow all sorts of internet-of-things devices to send data back over any nearby Sidewalk-compatible Echo speaker. Bluetooth tracker company Tile is planning to use the Sidewalk network to try to compete with the billion-device Apple Find My network.
A somewhat-related hack earlier this week showed how an AirTag can be manipulated to change its behavior when scanned by an NFC reader.
Author: Benjamin Mayo
Source: 9TO5Google