Apple’s “Find My” network is a powerful tool that can help users locate their lost or stolen devices. It works by using a combination of GPS and Bluetooth signals from other Apple devices to pinpoint the location of a missing device.
ADVERTISEMENT
When a user enables “Find My” on their device, it starts sending out Bluetooth signals in a constant loop. These signals are detected by other Apple devices within range, which then anonymously relay their location to the owner through the “Find My” network.
This process is very efficient, and it allows users to locate their lost or stolen devices even if they are offline. However, it also introduces a potential security risk.
Find My network’s abuse
Researchers at Positive Security recently discovered that the “Find My” network can be abused by malicious actors to exfiltrate keylogged passwords. They created a proof-of-concept hardware device that demonstrated how this attack can be carried out.
The device, which is integrated into a USB keyboard, combines a keylogger with an ESP32 Bluetooth transmitter. The keylogger captures passwords and other sensitive data typed on the keyboard, while the Bluetooth transmitter relays the data to the “Find My” network.
The researchers found that they were able to exfiltrate data at a rate of 26 characters per second, with a reception rate of 7 characters per second. The latency of the attack varied depending on the presence of Apple devices within range, but ranged from 1 to 60 minutes.
This attack is particularly dangerous because it is very stealthy. The keylogger is hidden inside the keyboard, so it is unlikely to be discovered. Additionally, Apple’s anti-tracking protections are not activated by the stationary keylogger.
Keylogger attacks are not the only concern
In addition to the keylogger attack, there are other potential security risks associated with the “Find My” network. For example, an attacker could use the network to track a user’s location without their consent. Additionally, an attacker could use the network to launch a denial-of-service attack against Apple’s servers.
Apple has not yet made an official statement on the subject. The giant company, which has recently been a surplus in cybersecurity alerts to users, is expected to fix this vulnerability in Find My network soon.
Advertisement