Apple actually presents its “Where is?” network, which can transmit the location of Apple devices such as iPhones and MacBooks, AirTags and other compatible devices via Bluetooth and ultra-wideband radio, as safe and protected. In the past, there have already been methods by which the network could be used to transfer additional data it was never intended to carry.
A team of security researchers from George Mason University in the US state of Virginia now shows that the Apple service, which is called “Find My” in English, can also be misused to track other Bluetooth devices in the area that are not integrated into the Find My network. They had found a way to track “almost every computer and every mobile device”, according to researchers Qiang Zeng and Lisa Luo in their paper, which they have titled “Find My Hacker”. The Bluetooth address of a device is combined with “Where is?” “to transform target devices into involuntary radio beacons”.
Passing on location data via “Where is?” without Apple's approval
The exploit bears the name “nRootTag” and is supposed to make it possible to turn conventional Bluetooth devices into AirTag-like devices. The success rate is said to be “90 percent”. The central element of the attack is that it is supposed to be possible to manipulate the crypto key used as part of “Where is?” so that the network believes that a conventional Bluetooth device is a real AirTag. “It is scary when your smart lock is hacked, but it becomes even more terrible if the attacker also knows the location,” said the researchers.
This is also supposed to work entirely remotely, if necessary from thousands of kilometers away. The costs were only “a few dollars”. Luo and Zeng, both of whom hold associate professor titles at the GMU Institute for Computer Science, have developed an efficient key search method that makes it possible to find a suitable “Where is?” key for a given Bluetooth address, which is unique worldwide. Neither administrator rights nor a privilege escalation is required for this. Instead, the trust that the “Where is?” network places in device signals is abused. In an AirTag or another device integrated into “Where is?”, the network changes the Bluetooth address based on a cryptographic key. But the attackers do not have to do this. Instead, they simply search for the key that fits the Bluetooth address, and, as mentioned, the method works in 90 percent of cases.
Patch could take years if users do not update
This was demonstrated for devices running Linux, Windows and Android as well as for various smart TVs and VR headsets. To find the key as quickly as possible, however, cloud-based GPUs were used, hundreds of them, to be precise. Incorrect keys can be saved in a rainbow table in order to ultimately be able to attack thousands of devices at the same time. In addition to hackers, advertising companies could also come up with the idea of tracking Bluetooth devices over long distances in the future, according to Junming Chen, doctoral student and lead author of the study. The group wants to present the exact details of the hack in August in Seattle at the USENIX Security Symposium.
The hack is to be fixed by Apple improving its device verification. The GMU researchers already sent the relevant information to the company in the summer of 2024. So far, however, no information about a patch has been given. It also remains problematic that a large number of users would not update their devices, for various reasons, according to Chen. “The vulnerable ‘Where is?’ network will continue to exist and these devices will only die slowly. The process will take years.” Apple's Find My network is just as widespread as the AirTags, since the devices are very inexpensive. Macs, iPhones, iPads and other Apple devices are used to transfer data including the position of devices without the user specifically approving this.