A vulnerability in Apple's Find My network allows hackers to track your Bluetooth devices without your knowledge
Researchers at George Mason University have discovered a vulnerability in Apple's Find My network that allows hackers to stealthily track any Bluetooth device.
Here's What We Know
The Find My network, designed to track devices and accessories such as AirTag, can now be used to track people. Hackers can turn any device, such as a phone or laptop, into an AirTag without the owner's knowledge. This allows the device's location to be tracked remotely.
The Find My network works by sending Bluetooth messages from AirTag and other trackers to nearby Apple devices, which anonymously transmit location information to the owner via Apple's servers. The researchers found a way to make the Find My network track any Bluetooth device using the right key.
The exploit, called nRootTag, has a high success rate of 90 per cent and does not require a complicated elevation of administrator privileges. In one experiment, researchers were able to track a computer's location to within 3 metres, which allowed them to track a bicycle travelling through a city.
The researchers reported the vulnerability to Apple in July 2024 and recommended that the Find My network be updated to better test Bluetooth devices. Apple has acknowledged the problem, but has yet to fix it. The company has not even provided details on how it will do so.
Researchers added that it could take years to fix the vulnerability as many people do not update their devices immediately after Apple releases new software. Experts advise never allowing unnecessary access to Bluetooth devices when apps request it and always install new software from the manufacturer.
Source: George Mason University
