
Wednesday, May 12, 2021

Security researcher exploits Find My network to send messages over any nearby iPhone’s data connection - 9to5Mac


The Find My network is used by Apple to report locations of items and devices via the data connection of any nearby iPhone, Mac, or other Apple device. Security researcher Fabian Bräunlein has today released a blog post demonstrating how the Find My network can be exploited as a generic data transfer mechanism.

By faking the way that an AirTag broadcasts its location as an encrypted message, the hack allows packets of arbitrary data to be transmitted over the Find My network, making arbitrary use of the data connection of any nearby Apple device with Find My enabled.

We have already seen how an open source project was able to emulate a locatable item before Apple’s AirTags actually shipped. This latest research extends the protocol to transmitting arbitrary data rather than simply mirroring location updates.

Essentially, the hack involves simulating a Find My broadcast. Rather than encrypting a GPS location, arbitrary data is encoded. In the demo, short text strings are sent back over the Find My network to a home Mac.

It’s an interesting proof of concept, although it’s not immediately clear if the exploit could be used maliciously. Nevertheless, Bräunlein believes the method is hard for Apple to defend against due to the end-to-end encrypted design of the system.

There isn’t much chance of an unscrupulous fake AirTag draining someone’s data cap, as the size of the Find My messages is very small, measured in kilobytes.

Apple’s Find My system uses the entire base of active iOS devices to act as a distributed mesh network, where every Apple user’s device is a node that can report back the locations of AirTags and other Find My accessories. This system has drawn some criticism for being enabled by default (and opting out requires diving into a user’s Settings app), although the actual data transmissions are encrypted and appropriately anonymized.

Amazon has announced a similar initiative as a product this month, Amazon Sidewalk, which will allow all sorts of internet-of-things devices to send data back over any nearby Sidewalk compatible Echo speaker. Bluetooth tracker company Tile is planning to use the Sidewalk network to try to compete with the billion-device Apple Find My network.

A somewhat-related hack earlier this week showed how an AirTag can be manipulated to change its behavior when scanned by an NFC reader.





May 12, 2021 at 09:06PM
https://ift.tt/3bk4fls
