With Just One Message, an iPhone Can Be Hacked: Apple’s Find My Service Has Been Caught with a Big Flaw
Tech giant Apple’s product-tracking application, Find My, has helped many Apple users find lost products over the past decade. In addition to this app, the company recently launched a tracking device called AirTag, which helps find devices using Apple’s Find My network. Apple claims that the Find My network is highly secure in terms of privacy and uses end-to-end encryption to maintain connectivity to Apple devices. However, that strong claim is now in question: a security researcher has found a security flaw in the Find My network that could help hackers send unsolicited messages and other data to linked devices.
Fabian Bräunlein, managing director of Positive Security, a Berlin-based company, said the Find My network could be used as a “generic data transfer mechanism” offline. That is, just as AirTags use the crowdsourced network of Apple devices to locate lost products, an offline device can send messages or data to a linked network by mimicking the Find My network connection process. Fabian said he had actually tested the whole process himself.
In a technical post, Fabian details how he used a modem to simulate the way an AirTag is tracked. In this process, the AirTag sends the location of the device via an encrypted signal. Fabian’s modem, running ESP32 firmware, first replaces the location data an AirTag would send with a message. Once the message is encrypted, it becomes difficult for Apple’s network security to detect it by scanning. In the demonstration involving a Mac on the Find My network, a microcontroller was used to transmit text strings via Bluetooth Low Energy signals. Then, as soon as the message is received, a custom app on the Mac decodes and displays it.
Hacking by transferring data over the Find My network from an AirTag-like device is really scary. However, it is not yet clear whether hackers can do much more than emulate this whole process and send messages or data. In this context, Fabian said in his research, “Although the Find My Offline Finding System comes with privacy and security-centric design, it does not seem possible to completely eliminate this flaw.”
Incidentally, according to a German security researcher, hackers can use multiple security loopholes in the software used in the AirTag to reprogram the AirTag’s microcontroller as well as change its firmware.