Network Exploit Transforms Any Bluetooth Device into a Tracker

Researchers from George Mason University have found a significant security flaw in Apple’s Find My network. This issue allows hackers to track almost any device that uses Bluetooth, like smartphones or laptops, without the owner even knowing about it.
The exploit is called “nRootTag.” It tricks the Find My network into thinking that regular Bluetooth devices are actually AirTags, which are small tracking tools made by Apple. This means that devices such as game controllers, virtual reality headsets, and even e-bikes can be turned into tracking devices by hackers.
The Find My network works by having AirTags and other compatible devices send Bluetooth signals to nearby Apple devices. Those Apple devices then send the location information to Apple’s servers while keeping the user’s identity anonymous. However, the researchers discovered a way to manipulate certain cryptographic keys, making the network accept any Bluetooth device as a legitimate AirTag.
The research showed that this attack is quite effective, with a 90% success rate. Hackers can locate a device within minutes. One of the researchers pointed out that while it is concerning if a smart lock gets hacked, it’s even more terrifying if the hacker also knows where that smart lock is located.
What makes this flaw even scarier is that it does not require hackers to have physical access to the target device. They can perform the attack remotely. In their experiments, the researchers managed to track a stationary computer to within 10 feet. They even tracked the exact flight path of a gaming console that was taken aboard an airplane.
Carrying out this attack does require significant computing power. The research team used hundreds of graphics processing units (GPUs) to quickly identify matching cryptographic keys. However, they mentioned that renting these GPUs is relatively easy and cheap, especially since the practice is common in the crypto-mining world.
The researchers informed Apple about this security issue back in July 2024, and Apple has acknowledged the problem in its security updates. However, the company has yet to announce how it plans to fix it. Even when a solution is in place, the researchers warn that the vulnerability may remain for years, as many users delay updating their devices. One researcher explained that the problematic Find My network will continue to be a risk until those vulnerable devices become outdated, and that process could take years.
The formal presentation of this research will take place at the USENIX Security Symposium in August. In the meantime, the team advises users to be careful about giving Bluetooth permissions to apps, ensure their devices are kept up to date, and consider using privacy-focused operating systems for better protection against such vulnerabilities.