Cybersecurity researchers have created an Apple AirTag clone that bypasses the anti-stalking technology built into Apple’s Find My Bluetooth-based tracking protocol. Positive Security’s co-founder Fabian Bräunlein said in a deep-dive published last week that the result is a stealth AirTag that can successfully track an iPhone user for more than five days without triggering a tracking notification.
- AirTags are increasingly being used for malicious purposes, and Apple has issued a statement outlining its current and future efforts to prevent misuse.
- We created an AirTag clone that prevents all tracking protection features and validated its functionality in a real-world experiment.
- When planning the next changes to the Find My ecosystem, we encourage Apple to include AirTag clones/modified AirTags in their threat model.
The Secure Mobile Networking Lab (SEEMO) at the Technical University of Darmstadt, Germany, disclosed protocol design and implementation flaws in March 2021, which could lead to a location correlation attack and unauthorised access to users’ location histories.
Then, in May 2021, Bräunlein followed up with details of a communication protocol built on top of Find My that allows arbitrary data to be uploaded from non-internet-connected devices by sending “Find My” Bluetooth broadcasts to nearby Apple devices that can carry out the data upload.
The development also comes after Apple introduced a slew of new anti-stalking measures for AirTags earlier this month to prevent their misuse for tracking unsuspecting individuals without their consent, including a warning informing users that doing so has criminal ramifications.
“If an AirTag, pair of AirPods, or Find My network accessory is discovered to be unlawfully tracking a person, law enforcement can request any available information from Apple to support their investigation.”
Positive Security’s “Find You” AirTag clone, on the other hand, aims to circumvent “every current and upcoming protection measure.” It’s also built with OpenHaystack, an open-source framework created by SEEMO researchers for tracking personal Bluetooth devices through Apple’s crowdsourced Find My network.
The proof-of-concept (PoC) device broadcasts a new, never-seen-before public key every 30 seconds, drawn from a list of 2,000 preloaded public keys. This mechanism renders the tracking device undetectable, raising no alerts in iOS or in Apple’s own Tracker Detect Android app even when unwanted AirTags are present.
AirGuard, a third-party alternative to Tracker Detect developed by SEEMO, is capable of detecting the clone in “manual scan” mode, calling into question the effectiveness of Apple’s safety and security barriers designed to protect users from malicious use of AirTags.
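Why a tracking alert keyed to one identifier misses a broadcaster that rotates keys, shown as an added example (not code from Positive Security, Apple or AirGuard). The 30-second interval and 2,000-key pool come from the article; the sighting log, both detection rules and all thresholds are constructed assumptions for illustration.

```python
from collections import defaultdict

ROTATION_S = 30   # from the article: a new public key every 30 seconds
KEY_POOL = 2000   # from the article: size of the preloaded key list

def pool_cycle_hours():
    """Hours until the preloaded list is exhausted and keys start repeating."""
    return KEY_POOL * ROTATION_S / 3600

def constructed_scan(duration_s, with_clone=True, scan_every_s=10):
    """Constructed (time_s, identifier) sightings, not captured data: one
    tracker with a fixed identifier, optionally one rotating broadcaster."""
    log = []
    for t in range(0, duration_s, scan_every_s):
        log.append((t, "fixed-tracker"))
        if with_clone:
            log.append((t, f"rotating-{(t // ROTATION_S) % KEY_POOL}"))
    return log

def persistent_ids(log, min_follow_s=600):
    """Per-identifier rule: flag any identifier observed over min_follow_s or more."""
    first, last = {}, {}
    for t, ident in log:
        first.setdefault(ident, t)
        last[ident] = t
    return {i for i in first if last[i] - first[i] >= min_follow_s}

def churn_windows(log, window_s=300, max_new_ids=5):
    """Aggregate rule (hypothetical): flag time windows in which more than
    max_new_ids never-before-seen identifiers appear."""
    seen, new_per_window = set(), defaultdict(int)
    for t, ident in log:
        if ident not in seen:
            seen.add(ident)
            new_per_window[t // window_s] += 1
    return sorted(w for w, n in new_per_window.items() if n > max_new_ids)

if __name__ == "__main__":
    hour = constructed_scan(3600)
    print("per-identifier rule flags:", persistent_ids(hour))
    print("high-churn windows:", churn_windows(hour))
    print("key list repeats after %.1f h" % pool_cycle_hours())
```

In a busy street many legitimate Find My devices also appear once and vanish, so the churn threshold here is illustrative only and would need tuning against real scan data.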
Finally, the researchers concluded: “The nature of the Find My network combined with its high accuracy and low entry cost. AirGuard found more actual trackers in different scenarios than the iOS tracking detection. Apple needs to incorporate non-genuine AirTags into their threat model and implement security and anti-stalking features into the Find My protocol and ecosystem rather than in the AirTag itself, which can run modified firmware or not be an AirTag at all.”