Be careful if you use Apple's Find My network

Emre Çitak
Nov 6, 2023

Apple's "Find My" network is a powerful tool that can help users locate their lost or stolen devices. It works by using a combination of GPS and Bluetooth signals from other Apple devices to pinpoint the location of a missing device.

When a user enables "Find My" on their device, it starts sending out Bluetooth signals in a constant loop. These signals are detected by other Apple devices within range, which then anonymously relay their location to the owner through the "Find My" network.

This process is very efficient, and it allows users to locate their lost or stolen devices even if they are offline. However, it also introduces a potential security risk.

Apple Find My network keylogger
The "Find My" network can be abused by malicious actors to exfiltrate keylogged passwords - Image courtesy of Apple

Find My network's abuse

Researchers at Positive Security recently discovered that the "Find My" network can be abused by malicious actors to exfiltrate keylogged passwords. They created a proof-of-concept hardware device that demonstrated how this attack can be carried out.

The device, which is integrated into a USB keyboard, combines a keylogger with an ESP32 Bluetooth transmitter. The keylogger captures passwords and other sensitive data typed on the keyboard, while the Bluetooth transmitter relays the data to the "Find My" network.

The researchers found that they were able to exfiltrate data at a rate of 26 characters per second, with a reception rate of 7 characters per second. The latency of the attack varied depending on the presence of Apple devices within range, but ranged from 1 to 60 minutes.

This attack is particularly dangerous because it is very stealthy. The keylogger is hidden inside the keyboard, so it is unlikely to be discovered. Additionally, Apple's anti-tracking protections are not activated by the stationary keylogger.

Apple Find My network keylogger
Researchers created a proof-of-concept hardware device that combines a keylogger with a Bluetooth transmitter integrated into a USB keyboard - Image courtesy of Positive Security

Keylogger attacks are not the only concern

In addition to the keylogger attack, there are other potential security risks associated with the "Find My" network. For example, an attacker could use the network to track a user's location without their consent. Additionally, an attacker could use the network to launch a denial-of-service attack against Apple's servers.

Apple has not yet made an official statement on the subject. The giant company, which has recently been a surplus in cybersecurity alerts to users, is expected to fix this vulnerability in Find My network soon.


Previous Post: «
Next Post: «


There are no comments on this post yet, be the first one to share your thoughts!

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.