Apple has been touting high security standards and data protection policies for years. But a new exploit in the "Find My Network" shows that even Apple systems are not invulnerable. Researchers at George Mason University have discovered a vulnerability that allows hackers to track any Bluetooth device unnoticed. This means that smartphones, laptops or even game consoles can be turned into a kind of AirTag without the owner's consent.
The Find My Network is a handy feature for Apple users. It helps to find lost or stolen devices by using a decentralized location system. Devices like AirTags send out Bluetooth signals that are received by other Apple devices nearby. These then transmit the location anonymously to the Apple server, where the owner can retrieve it. However, this system can be abused. Researchers have discovered that any Bluetooth device can be manipulated to behave like an AirTag, making it possible for hackers to locate a device and track its movements without the owner's knowledge.
The exploit: How the attack works
The vulnerability is based on the fact that Apple devices rely on certain Bluetooth keys to identify a device in the Find My network. Hackers have now found a way to calculate these keys. This is done using a system called nRootTag. The researchers used hundreds of graphics processing units (GPUs) to decrypt matching Bluetooth keys. Once they have found the right key, they can impersonate any Bluetooth device as an AirTag and use it to track its location remotely. The attack has a success rate of 90% and does not require advanced administrator rights. This means that even less experienced hackers would be able to exploit this exploit.
Disturbing findings: Hackers can track entire routes
In tests, the research team was able to track various devices with high precision. A laptop could be located with an accuracy of three meters. In another experiment, a bicycle could be tracked through a city. Particularly worrying was the attempt to track a game console during a flight, which made it possible to reconstruct the passenger's entire route. But the potential risks go even further. Smart locks or other security-relevant devices could also be affected. For example, if an attacker knows where an electronic door lock is located, this could endanger the security of residential or commercial premises.
Apple's reaction and the ongoing danger
The researchers informed Apple about the vulnerability in July 2024 and recommended improving Bluetooth authentication in the Find My Network. Apple has officially acknowledged the discovery, but there is currently no solution to the problem. A major obstacle is that many users do not update their devices regularly. So even if Apple releases an update, the vulnerability will potentially remain usable for years.
How you can protect yourself
Although Apple has not yet provided a solution, there are some steps you can take to better protect your device:
- Restrict Bluetooth access: Grant apps Bluetooth access only when absolutely necessary.
- Install software updates: As soon as Apple releases a security update, you should install it immediately.
- Disable unnecessary Bluetooth connections: Turn off Bluetooth when you don't need it, especially in public areas.
- Check for unknown devices in Find My: If you see an unknown device, you should be suspicious.
Abuse of Apple's Find My Network: A problem with no quick solution
The nRootTag exploit shows that even well-designed security features like the Find My Network can be abused. The ability to track any Bluetooth device poses a serious risk to privacy. Until Apple finds a solution, it is up to users to be careful with Bluetooth permissions and update their devices regularly. As long as the vulnerability exists, hackers could exploit Bluetooth devices for unnoticed tracking - and that is a massive privacy problem. (Image: Apple)
- iPhone 16e for 699 euros: Is it really worth the price?
- iOS 18.4 brings controversial change to Safari – this is what is changing
