Apple’s Find My network enables users to track their Apple devices and accessories, including AirTag trackers designed for this purpose. However, researchers at George Mason University (USA) have identified a vulnerability that could allow any Bluetooth device to be used for tracking people, bypassing Apple’s security measures.
The study revealed that virtually any Bluetooth-enabled device, such as a phone or laptop, could be converted into an AirTag-like tracker without the owner’s knowledge. This would enable attackers to track the device’s location remotely. The Find My network works by allowing AirTags and compatible devices to send Bluetooth signals to nearby Apple devices, which then relay the location data anonymously to the owner via Apple’s servers. By exploiting this system, it is possible to track any Bluetooth device without user consent.
How the nRootTag Exploit Works
Apple’s AirTag uses a cryptographic key to frequently change its Bluetooth address, making it harder to track. However, researchers developed a system that can efficiently retrieve these keys using the computing power of “several hundred” graphics processors. This exploit, called nRootTag, has a 90% success rate and does not require administrator privileges.
The researchers demonstrated the exploit by accurately determining the location of a specific computer within 10 feet (3.05 meters) and successfully tracking a moving bicycle. In another test, they used a game console to reconstruct a person’s flight path, proving the potential for real-world surveillance using the flaw.
Apple’s Response and Security Recommendations
The researchers reported their findings to Apple in July 2024 and suggested changes to enhance Bluetooth security within the Find My network. Apple acknowledged the report but has not yet implemented any fixes or provided a timeline for updates. Experts warn that even if a software patch is released, many users may delay updating their devices, prolonging exposure to the vulnerability.
For now, Apple device owners are advised to restrict app permissions for Bluetooth access unless absolutely necessary and to keep their firmware updated, adds NIXSolutions. While Apple has not yet addressed the issue, we’ll keep you updated on any developments regarding security improvements.