14 DAY TRIAL // Apple's Find My Network used to monitor iOS and macOS devices, as well as more recently AirTags and other products, turns out to be a spying tool.
Apple devices can be used to send data over the air from one location to another, such as a computer on the other side of the planet, without the need for any other network connection.
This can be achieved using Bluetooth Low Energy (BLE) broadcasts and a microcontroller designed to act as a modem. Fabian Bräunlein, the co-founder of Positive Security, created a way to send a limited amount of arbitrary data to Apple's iCloud servers from devices without an internet connection.
According to the researcher’s blog post dubbed Send my, using a Mac application he was able to download the data from the cloud.
Find My Network serves as a crowdsource location-tracking system when it is activated on Apple's devices.
How is the data leak possible?
Participating devices transmit data to other nearby Apple devices over BLE. Afterward, data is relayed back to Apple's servers through their network link. Device owners that are authorized can use iCloud-based Find My Phone or iOS/macOS Find My application to get location reports on enrolled hardware.
Researchers from Germany's Technical University of Darmstadt, Alexander Heinrich, Milan Stute, Tim Kornhuber, and Matthias Hollick published an analysis of Find My Network's security and privacy.
Bräunlein claims that their work on OpenHaystack, a tool for creating one's own Find My trackable items, enabled him to conduct his research dubbed Send My.
Bräunlein's aim was to see if the Find My network could be exploited to send arbitrary data from devices that did not have access to the internet.
As he says, "Such a technique could be employed by small sensors in uncontrolled environments to avoid the cost and power consumption of mobile internet".
"It could also be interesting for exfiltrating data from Faraday-shielded sites that are occasionally visited by iPhone users."
Since he did not find any rate-limiting mechanism for location reports devices can send over the Find My network, he theorizes that his strategy may be used to deplete smartphone users' data plans. With each report being more than 100 bytes, broadcasting many unique public encryption keys as part of the Find My protocol will increase the amount of mobile traffic sent.