Apple Find My Hack Turns Any Bluetooth Device into a Secret AirTag

A vulnerability in the Apple Find My app can turn any Bluetooth device into a covert AirTag. Here's what we know about this unexpected security issue.
Major Flaw Discovered in Apple’s Find My Network
No system is impervious to security vulnerabilities, including Apple’s widely used Find My network. Researchers from George Mason University have recently identified a significant flaw within this system, which is designed to help locate lost devices and accessories.
How Does This Flaw Work?
Normally, Apple’s AirTags change their Bluetooth address based on a specific cryptographic key. However, the researchers have developed a method to decode the keys associated with these Bluetooth addresses. Named “nRootTag,” this flaw boasts a frightening 90% success rate and can pinpoint device locations within minutes.
This vulnerability allows for tracking a computer within three meters, monitoring an electric bike as it moves through city streets, or even replicating a flight path by following a gaming console. Alarmingly, this flaw can be exploited from thousands of kilometers away.
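A defender's view of the behaviour described above, as an added example that is not from the article or the researchers: it checks scanned Bluetooth advertising payloads for Find My style frames coming from devices in your own inventory that should never behave as a tag. The frame layout is an assumption taken from public reverse-engineering of Find My, and the addresses, payloads and inventory are constructed sample data.

```python
# Added example (not from the article). Assumed frame layout, taken from public
# reverse-engineering of Find My: AD type 0xFF, company ID 0x004C (Apple),
# subtype 0x12, length 0x19, then status(1) + key bytes(22) + key bits(1) + hint(1).
APPLE_COMPANY_ID = 0x004C
OF_TYPE, OF_LEN = 0x12, 0x19

def iter_ad_structures(payload: bytes):
    """Yield (ad_type, data) for each length-prefixed AD structure."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            return  # zero padding or truncated structure: stop parsing
        yield payload[i + 1], payload[i + 2 : i + 1 + length]
        i += 1 + length

def find_my_body(payload: bytes):
    """Return the 25-byte offline-finding body, or None if absent."""
    for ad_type, data in iter_ad_structures(payload):
        if ad_type != 0xFF or len(data) != 4 + OF_LEN:
            continue
        if (int.from_bytes(data[:2], "little") == APPLE_COMPANY_ID
                and data[2] == OF_TYPE and data[3] == OF_LEN):
            return data[4:]
    return None

def audit(observations, inventory):
    """Return inventory device names whose address broadcast a Find My frame.

    observations: iterable of (address, raw advertising payload)
    inventory:    {address: name} for devices that should never act as a tag
    """
    hits = set()
    for addr, payload in observations:
        name = inventory.get(addr.lower())
        if name and find_my_body(payload) is not None:
            hits.add(name)
    return sorted(hits)

# Constructed sample data: addresses and payloads are made up for illustration.
FIND_MY = bytes([0x1E, 0xFF, 0x4C, 0x00, 0x12, 0x19, 0x00]) + bytes(range(22)) + b"\x00\x00"
OTHER_APPLE = bytes([0x02, 0x01, 0x06, 0x07, 0xFF, 0x4C, 0x00, 0x10, 0x02, 0x01, 0x00])
NAMED = bytes([0x02, 0x01, 0x06, 0x05, 0x09]) + b"Bike"
INVENTORY = {"aa:bb:cc:00:00:01": "laptop", "aa:bb:cc:00:00:02": "e-bike"}
SCAN = [("AA:BB:CC:00:00:01", FIND_MY), ("aa:bb:cc:00:00:02", NAMED),
        ("11:22:33:44:55:66", FIND_MY), ("aa:bb:cc:00:00:02", OTHER_APPLE)]

if __name__ == "__main__":
    print(audit(SCAN, INVENTORY))
```

Frames from addresses outside the inventory are ignored on purpose, since a genuine AirTag nearby would produce the same frame type.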
The Implications of This Flaw
“It’s already scary enough having your smart lock hacked, but it’s even more terrifying if the attacker also knows its location. With the attack method we’ve introduced, the attacker can achieve this,” the researchers emphasized.
How is Apple Addressing This Flaw?
The question of how Apple will fix this issue remains open. Although the George Mason team informed Apple of the flaw last July, no fix has yet been implemented.
Moreover, even if Apple were to develop a patch, it could take years to roll out to all users. In the meantime, researchers advise users to be cautious with Bluetooth permissions, to always update their software, and to consider privacy-focused operating systems for enhanced protection against prying eyes.