Apple Find My Devices

Recently, cybersecurity analysts have detected two discrete flaws in Apple’s crowdsourced Bluetooth location tracking system or Find My feature.

These two flaws can allow any attackers unauthorized access to the users’ location histories of the last seven days. However, we all know that Apple has turned its hundreds-of million-device environment into the world’s most comprehensive crowdsourced location tracking network known as offline finding (OF).

The main motive of OF is to guarantee the finder anonymity, untracebility of owner devices, and confidentiality of location reports. These flaws are quite critical as the analysts stated that the outcomes are an exhaustive review that has been undertaken by the Open Wireless Link.

How the Find My Feature works?

Apple’s devices are quite complicated to understand, as it has a feature named Find My which helps the users to easily locate other Apple devices such as iPad, iPhone, iPod touch, Apple Watch, AirPods, and Mac.

Apple has been continuously updating its iOS, and now it is expecting to add support for Bluetooth tracking devices named AirTags.

These AirTags are attached to items such as keys and wallets, later that can be used for tracking purposes directly from the Find My app.

Problems Tracking, and unauthorized access of location history

According to the researcher, Apple cannot decrypt the location as it does not have any settlement with the private key.

But, the OWL researchers claimed that the design enables Apple in lieu of being the service provider so that it can correlate the different owners’ locations if their locations are announced by the same finder devices.

It efficiently enables Apple to create what they call a social graph. While the macOS Catalina vulnerability CVE-2020-9986 could enable a threat actor to access the decryption keys. 

And by using them users can download and decrypt the location reports that have been tendered by the Find My network and finally locate and identify their victims with high authority.

According to cybersecurity researchers, they have detected a vulnerability of the OF implementation on macOS which allows a malicious application (A1) so that it can effectively circumvent Apple’s limited location API.

After locating it, hackers can access the geolocation of all owner devices without user consent. Furthermore, historical location reports can be exploited to generate a different mobility profile and recognize the user.

Recommended mitigation

There are two straightforward options to alleviate this kind of attack, remove the identifying information from either finder devices or else from the owner devices.

However, the device is not that feasible as the finder has to implement some valid information by design. Apple devices can entreat arbitrary location reports, so the authentication emerges to be a security-by-obscurity measure and it prevents everyone without access to an Apple device from accessing the location.

Moreover, the researchers have disclosed vulnerabilities in Apple’s Wireless Direct Link (AWDL) proprietary mesh networking protocol. And this protocol has been permitted attackers to track users, crash devices, and even prevent files assigned between devices by man-in-the-middle (MitM) attacks.

You can follow us on LinkedinTwitterFacebook for daily Cyber security and hacking news updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.