Hacking Apple’s Find My Network: The Silent Bluetooth Tracking Exploit Exposed

Apple’s Find My Network Exploit Researchers at George Mason University have discovered a significant exploit in Apple's Find My network that allows hackers to silently track any Bluetooth device, effectively turning them into AirTags. This exploit, named 'nRootTag,' has a 90% success rate and can be used without sophisticated privileges. The researchers were able to track devices with an accuracy of 10 feet, demonstrating the potential for stalking and tracking individuals.

How It Works

The Find My network sends Bluetooth messages from AirTags and other trackers to nearby Apple devices, which then share the location with the owner via Apple’s servers. The researchers found a way to quickly match cryptographic keys for Bluetooth addresses using hundreds of GPUs, allowing them to track any Bluetooth device through this network.

Implications

This exploit raises serious privacy concerns. In experiments, the team tracked a bicycle and reconstructed a person's flight path by tracking their game console. The researchers informed Apple in July 2024, but as of now, there is no fix available. A true solution may take years to roll out due to slow user adoption of software updates.

Recommendations

To protect against this exploit, users are advised to:

• Never allow unnecessary Bluetooth access to apps.
• Keep device software updated regularly.