Apple’s Find My Network exploit enables silent tracking from any Bluetooth device

Apple Find My

Apple's Find My Network is a service familiar to users of Apple devices, as it is generally used to locate the company's devices, such as lost iPhone Pads, PCs, AirPods, Apple Watch, and iPod, or track a wallet using an AirTag. However, previously, there have been reports of the service being misused to stalk unsuspecting users. While Apple has implemented certain measures to prevent others from tracking your whereabouts, researchers have reportedly found an exploit that can let hackers track a user’s location using the Find My Network service.

According to George Mason University researcher Junming Chen, Apple's Find My network has a Bluetooth vulnerability that would allow any hacker to silently track a connected device by sending Bluetooth messages from AirTags and other nearby tracking devices to the nearest Apple devices This exploit is dubbed as 'nRootTag.'

The exploit essentially uses a target device’s Bluetooth address along with Apple’s Find My Network to track the location of any connected device. It reportedly works by tricking Apple’s Find My Network into thinking that the targeted device is a lost AirTag. Further, the target device sends a message to the nearest Apple device, which allows location sharing without the owner’s permission via Apple’s servers.

Further, the blog post adds that the exploit does not require admin-level privileges and has a shocking 90% success rate. It can also be used to track a device’s location to within 10 feet in just a few minutes. Moreover, nRootTag works on a wide range of Bluetooth devices, including various computers and mobile devices running Linux, Android, or Windows. The researchers also alerted Apple of the exploit in July last year and recommended updating the Find My network servers to improve Bluetooth device verification. However, Apple has yet to release a security patch to fix this alarming issue.