- A security researcher has found an exploit in Apple's Find My network.
- The Find My network can be used to send arbitrary messages over BLE network.
- Apple may not be able to prevent this exploit completely, the researcher said.
The Find My app on your iPhone, iPad, iPod, or Mac is a pretty useful app as it lets you locate your gadgets, now including the AirTags. It uses Apple's Find My network to find devices that are signed in with a single account. According to Apple, the Find My network is extremely secure and uses end-to-end encryption for communication with various Apple devices. However, that claim may no longer be entirely true. A security researcher has claimed to have found an exploit in Find My network that can let a hacker send arbitrary messages and other data to connected devices.
Fabian Bräunlein, a security researcher who has written up his findings in a security report for a Berlin-based IT consultancy called Positive Security, has pointed out that the Find My network's offline-finding mechanism can be used as a generic data transfer mechanism. The researcher managed to send arbitrary messages over the network by imitating the way AirTags communicate with the Find My network. Just as an AirTag uses the crowdsourced network of Apple devices to broadcast its location, an offline device can send messages and other data over the Find My network using the newfound exploit.
In his very technical post, Bräunlein has explained how he used a modem to replicate the way AirTags communicate. AirTags send their location through an encrypted signal, so when the researcher replaced the location data with an arbitrary message in his process -- using the ESP32 firmware for the modem -- the encryption was applied to the message as well, making it difficult for Apple's network security to scan it. A microcontroller was used to send text strings over the Bluetooth Low Energy signal to the Find My network on a Mac, and upon receiving the message, a custom app on the Mac decoded and displayed it.
The research has so far pointed out that this exploit in Apple's Find My network can be used to send messages that may be unwanted. However, at this point, it is not clear if hackers can leverage this exploit for something more harmful. For now, the researcher managed to replace the location signal from an AirTag-like device with arbitrary text, and this itself is scary. And it seems Apple may not be able to fix this exploit completely. "Being inherent to the privacy and security-focused design of the Find My Offline Finding system, it seems unlikely that this misuse can be prevented completely," said Bräunlein in his research.
The security loophole in the Find My network comes on the heels of the discovery of several vulnerabilities in AirTags. A German security researcher found loopholes in the software that runs AirTags. Hackers can leverage these security loopholes to take control of the microcontroller found inside AirTags and even reprogram them and change their firmware. A video on Twitter also surfaced showing how a hacked AirTag would act, and it raises serious questions about the security of the Tile-like tracker that Apple launched earlier this year.