Apple’s device location tracking service, Find My, can be abused to siphon data from nearby devices and deliver it across the globe, a new report claims.
In a blog post, cybersecurity company Positive Security sets out a proof-of-concept exploit, called Send My. The exploit demonstrates that the Bluetooth Low Energy (BLE) broadcasts on which the Find My network is built can be manipulated to lift small quantities of arbitrary data, without even the need for an internet connection.
Made possible by special ESP32 firmware that turns a microcontroller into a modem that taps into the network of devices, the exploit could also in theory be used to rinse mobile data plans, the post suggests.
Apple Find My network
The Apple Find My network depends on a crowdsourced information system, rather than GPS, to locate iOS, macOS and watchOS devices, and now AirTags too.
If someone opts into the program, their devices will begin to communicate over BLE with other Apple technology in the area. And the volume of Apple products in circulation means these device pings can be used to build an accurate map of the location of each piece of kit.
As part of this process, however, the communications between devices are also relayed to Apple’s servers, from where the information could be later retrieved. In this case, Positive Security developed a macOS app capable of retrieving, decoding and displaying this data.
“Such a technique could be employed by small sensors in uncontrolled environments to avoid the cost and power consumption of mobile internet,” explained Fabian Bräunlein, co-founder of Positive Security. “It could also be interesting for exfiltrating data from Faraday-shielded sites that are occasionally visited by iPhone users.”
While the quantity of data that could be lifted via this method is limited and the latency is poor (up to 60 minutes), it’s thought that advanced threat actors may be able to leverage the exploit to good effect.
According to Positive Security, the privacy-centric way in which the Find My network has been architected means it may be impossible for Apple to block off the attack vector.
Apple did not respond to a request for comment.
Via The Register