Researchers discover how hackers can trick Apple’s Find My network

George Mason University researchers recently uncovered a way for hackers to track the location of nearly any computer or mobile device. 

Named “nRootTag” by the team, the attack uses a device’s Bluetooth address combined with Apple’s Find My network to essentially turn target devices into unwitting homing beacons.  
 
“It’s like transforming any laptop, phone, or even gaming console into an Apple AirTag – without the owner ever realizing it,” said Junming Chen, lead author of the study. “And the hacker can do it all remotely, from thousands of miles away, with just a few dollars.” 

The team of Qiang Zeng and Lannan Luo—both associate professors in the Department of Computer Science—and PhD students Chen and Xiaoyue Ma found the attack works by tricking Apple’s Find My network into thinking the target device is a lost AirTag. An AirTag sends Bluetooth messages to nearby Apple devices, which then anonymously relay its location via Apple Cloud to the owner for tracking. Their attack method can turn a device—whether it’s a desktop, smartphone, or IoT device—into an “AirTag” without Apple’s permission, at which point the network begins tracking.

In experiments, they were able to pinpoint a stationary computer’s location to within 10 feet, accurately track a moving e-bike’s route through a city, and even reconstruct the exact flight path and identify the flight number of a gaming console brought onboard an airplane. 

From the report: While Apple designs an AirTag to change its Bluetooth address based on a cryptographic key, an actor could not do this on other systems without administrator privileges. So instead of trying to modify the Bluetooth address, the researchers developed efficient key search techniques to find a key that is compatible with the Bluetooth address, making the key adapt to the address instead.  

What makes nRootTag particularly unsettling is a 90 percent success rate and the ability to track devices within minutes. The technique doesn’t require sophisticated administrator privilege escalation typically needed for such deep system access. Instead, it cleverly manipulates the Find My Network’s trust in device signals, essentially turning Apple’s helpful lost-device feature into an unwitting accomplice. The researchers demonstrated that the attack works broadly on computers and mobile devices running Linux, Android, and Windows, as well as several Smart TVs and VR Headsets.  

The researchers recommended to Apple that it update its Find My network to better verify devices, but a true fix may take years to roll out. The team informed Apple of the problem in July of 2024 and Apple officially acknowledged it in subsequent security updates, though they have not disclosed how they will patch the issue.

Chen cautions that even once the patch is rolled out, “we foresee that there will be a noticeable amount of users who postpone or prefer not to update for various reasons and Apple cannot force the update; therefore, the vulnerable Find My network will continue to exist until those devices slowly ‘die out,’ and this process will take years.” 

The post Researchers discover how hackers can trick Apple’s Find My network appeared first on MacTech.com.
