Hackers Exploit Apple's Find My Network to Track Any Bluetooth Device: What You Need to Know

Researchers from George Mason University have discovered a method to exploit Apple's Find My network, enabling the tracking of any Bluetooth device as if it were an AirTag. The attack, dubbed 'nRootTag,' works by tricking the Find My network into accepting non-Apple hardware as legitimate trackable devices through a process that involves manipulating cryptographic keys and Bluetooth addresses. Experiments showed a 90% success rate, allowing for the tracking of various devices, including smart TVs, VR headsets, and e-bikes. The researchers used powerful GPU banks to perform the necessary computations quickly. While the attack requires significant resources, making it less likely to be used against the general public, it could still pose a threat in targeted scenarios, such as espionage. Apple was notified of the issue in July 2024, but the problem is expected to persist for years due to slow user updates.