Hackers Convert Bluetooth Devices Into ARTAG Tools

3 Mar 2025 8:09 am GMT+0000 Date Time

Researchers Discover Vulnerability in Apple Find My Network
Researchers from the University of George Mason have identified a vulnerability in the Apple Find My network that could potentially allow attackers to turn any device with Bluetooth into an analogue of the Airtag for global tracking. The Find My network, which connects more than 1.5 billion iPhones worldwide, is primarily used to locate lost devices. However, utilizing the Nroottag technique, researchers have found a way to manipulate the network to track not only Apple devices but also computers, smartphones, and IoT devices. This attack does not require advanced hacking skills or root access. Simply starting a malicious application with Bluetooth permissions on the target device can initiate the process. Subsequently, the device will send “lost” signals to Find My, prompting nearby iPhones to relay their location to Apple servers. The Nroottag architecture involves creating key pairs that match Bluetooth addresses, allowing cloud servers to generate millions of potential pairs in advance and efficiently extract them when needed. Experiments conducted by the researchers revealed that the average detection time for a device is between 5 to 10 minutes. Nine Android smartphones, two Windows computers, and all 12 tested Linux devices were successfully monitored using this method. Apple has released patches in iOS 18.2, iPadOS 17.7.3, WatchOS 11.2, MacOS Ventura 13.7.2, and other versions to address this vulnerability. However, the vulnerability may still remain if unexpected iPhones or Apple Watches are used.

Researchers Discover Vulnerability in Apple Find My Network

Researchers from the University of George Mason have identified a vulnerability in the Apple Find My network that could potentially allow attackers to turn any device with Bluetooth into an analogue of the Airtag for global tracking.

The Find My network, which connects more than 1.5 billion iPhones worldwide, is primarily used to locate lost devices. However, utilizing the Nroottag technique, researchers have found a way to manipulate the network to track not only Apple devices but also computers, smartphones, and IoT devices.

This attack does not require advanced hacking skills or root access. Simply starting a malicious application with Bluetooth permissions on the target device can initiate the process. Subsequently, the device will send “lost” signals to Find My, prompting nearby iPhones to relay their location to Apple servers.

The Nroottag architecture involves creating key pairs that match Bluetooth addresses, allowing cloud servers to generate millions of potential pairs in advance and efficiently extract them when needed.

Experiments conducted by the researchers revealed that the average detection time for a device is between 5 to 10 minutes. Nine Android smartphones, two Windows computers, and all 12 tested Linux devices were successfully monitored using this method.

Apple has released patches in iOS 18.2, iPadOS 17.7.3, WatchOS 11.2, MacOS Ventura 13.7.2, and other versions to address this vulnerability. However, the vulnerability may still remain if unexpected iPhones or Apple Watches are used.

/Reports, release notes, official announcements.