Apple's Find My service, familiar to users of Apple devices, is generally used to locate the company's devices. For example, it lets you find a lost iPhone or track a suitcase with an AirTag. It turns out that attackers can also use it to track any Bluetooth-enabled device.
The problem was discovered by researchers at George Mason University, 9to5Mac reports. They found a way to turn any device into an AirTag without the owner's knowledge. This happens via Bluetooth, which the tracker uses to notify the owner of its location. The tracker's signal is transmitted in encrypted form to other devices nearby, and this is recorded by Apple's server.
In this way, all of the company's supported gadgets together form the Find My network. The researchers managed to intercept the signal of any Bluetooth device by searching for the necessary key, despite the existing encryption, although this required hundreds of graphics accelerators (GPUs).
In the examples given, this allowed tracking the movement of a cyclist's laptop in the city with an accuracy of up to three meters, as well as recreating the user's flight path by tracking their game console.
The exploit is called nRootTag. It does not require "complex escalation of administrator privileges" and has demonstrated 90% effectiveness.
"While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this," said one of the researchers.
Apple was notified of the potential vulnerability in July 2024, but no specific fix has been provided. The researchers believe it could take years to fix the vulnerability, because even if a security update is released, not all users will install it immediately. For now, they advise against granting Bluetooth access to apps that may not need it and recommend always staying up to date on security updates.