
A loophole in Apple's Find My network allows remote attackers to turn any Bluetooth device into an AirTag-type tracker and track the location of users around the world, researchers from George Mason University have found.

More than 1.5 billion iPhones around the world act as free tracking agents and can determine the location of any device, be it a desktop computer, smartphone, smartwatch, or even an IoT device.

Attackers do not need special (root) rights or hacking experience to achieve a 90% success rate in a matter of minutes and for just a few dollars.

“We present nRootTag, a new attack method that turns computers into trackable ‘AirTags’ without requiring root privileges”, write Junming Chen, Xiaoyue Ma, Lannan Luo, and Qiang Zeng, researchers from George Mason University, in their paper. “It can determine the location of a computer in minutes, posing a significant risk to users’ privacy and security”.

The attack is effective on Linux, Windows, and Android systems, and can be used to track desktops, laptops, smartphones, and IoT devices.

Apple’s Find My network is a massive network that relies on encrypted location reports sent by Apple devices to help locate lost devices and AirTags. The researchers used their own “lost messages” to do so.