Apple’s Find My network is a feature that allows users to locate their lost or stolen Apple devices, such as iPhones, iPads, Macs, AirPods, and AirTags. The network uses Bluetooth signals from nearby Apple devices to relay the location of the missing device to the owner, even if it is offline or in sleep mode. However, this network also has a potential security risk: it can be abused to transmit arbitrary data besides just device location.
This risk was first discovered by Positive Security researchers Fabian Bräunlein and his team over two years ago, but apparently, Apple addressed this problem. The researchers found that they could encode any data into the Bluetooth signals that are broadcasted by the Find My network, and then decode them using another device that is connected to the internet. This way, they could use the Find My network as a covert channel to send and receive any kind of information, such as text, images, audio, or even malware.
The researchers demonstrated this technique by creating a proof-of-concept hardware device to better highlight the risk to the public. They integrated a keylogger with an ESP32 Bluetooth transmitter into a USB keyboard to show that it’s possible to relay passwords and other sensitive data typed on the keyboard through the Find My network via Bluetooth. They also created a custom app that can receive and decode the data from the Find My network on any internet-enabled device anywhere in the world.
The researchers named their implementation “Send My”, and published it on GitHub, where others can leverage it for uploading arbitrary data onto Apple’s Find My network and retrieving it from any internet-enabled device anywhere in the world. They also released a video that shows how their device works and how it can be used to transmit data through the Find My network.
The researchers claim that their technique does not compromise the privacy or security of the Find My network, as they do not interfere with the normal functioning of the network or the devices that use it. They also state that they do not access or reveal the location of any device on the network, as they only use the Bluetooth signals that are already publicly available. However, they warn that their technique could be used by malicious actors to exploit the Find My network for nefarious purposes, such as espionage, data exfiltration, or ransomware delivery.
The researchers suggest that Apple should implement some countermeasures to prevent the abuse of the Find My network, such as encrypting the Bluetooth signals, limiting the number of devices that can join the network, or adding some form of authentication or verification to the network. They also urge Apple to disclose more details about how the Find My network works and how it protects the privacy and security of its users.
The Find My network is a useful and innovative feature that helps users locate their missing Apple devices, but it also poses a potential security risk that could be exploited by hackers or cybercriminals. The Positive Security researchers have exposed this risk and provided a proof-of-concept device that demonstrates how the Find My network can be abused to transmit arbitrary data. Apple should take this issue seriously and address it as soon as possible, before it becomes a real threat to its users and their data.