Apple Find My network could be abused to siphon data from nearby devices

Apple’s device location tracking service, Find My, can be abused to siphon data from nearby devices and deliver it across the globe, a new ...

Apple’s device location tracking service, Find My, can be abused to siphon data from nearby devices and deliver it across the globe, a new report claims.

In a blog post, cybersecurity company Positive Security sets out a proof-of-concept exploit, called Send My. The exploit demonstrates that the Bluetooth Low Energy (BLE) broadcasts on which the Find My network is built can be manipulated to lift small quantities of arbitrary data, without even the need for an internet connection.

Made possible by special ESP32 firmware that turns a microcontroller into a modem that taps into the network of devices, the exploit could also in theory be used to rinse mobile data plans, the post suggests.

Apple Find My network

The Apple Find My network is dependent on a crowdsource information system, rather than GPS, to locate iOS, macOS and watchOS devices - and now, AirTags too.

If someone opts into the program, their devices will begin to communicate over BLE with other Apple technology in the area. And the volume of Apple products in circulation means these device pings can be used to build an accurate map of the location of each piece of kit.

As part of this process, however, the communications between devices are also relayed to Apple’s servers, from where the information could be later retrieved. In this case, Positive Security developed a macOS app capable of retrieving, decoding and displaying this data.

“Such a technique could be employed by small sensors in uncontrolled environments to avoid the cost and power consumption of mobile internet,” explained Fabian Bräunlein, co-founder of Positive Security. “It could also be interesting for exfiltrating data from Faraday-shielded sites that are occasionally visited by iPhone users.”

While the quantity of data that could be lifted via this method is limited and the latency is poor (up to 60 minutes), it’s thought that advanced threat actors may be able to leverage the exploit to good effect.

According to Positive Security, the privacy-centric way in which the Find My network has been architected means it may be impossible for Apple to block off the attack vector.

Apple did not respond to a request for comment.

  • Here's our list of the best VPN services right now

Via The Register



from TechRadar - All the latest technology news https://ift.tt/2RdUONQ
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,183,Video,5,XIAOMI,13,YouTube - 9to5Google,182,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Apple Find My network could be abused to siphon data from nearby devices
Apple Find My network could be abused to siphon data from nearby devices
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2021/05/apple-find-my-network-could-be-abused.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2021/05/apple-find-my-network-could-be-abused.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy