Security Researchers Develop Framework for Tracking Bluetooth Devices Using Find My

by

Ahead of the debut of AirTags and support for locating third-party Bluetooth items through Find My in iOS 14.5, a team of security researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt in Germany has reverse engineered the ‌Find My‌ protocol and developed an app that's designed to let anyone create an "AirTag" based on a Bluetooth-capable device.

openhaystack mac app
Called OpenHaystack, the app and the source code are available on GitHub for those who are interested in taking a look. The app allows users to create their own Bluetooth tags based on the ‌Find My‌ network by installing an "‌AirTag‌" firmware image on a Bluetooth dongle.

The app displays the most recent location of a created Bluetooth tag reported by any iPhone using Apple's ‌Find My‌ network that was implemented in iOS 13, plus it shows the location of the tag on a map.

According to the security researchers, the created tags send out Bluetooth beacons, which are picked up by nearby iPhones that interpret the sending device as lost. The current geolocation is end-to-end encrypted and then uploaded to Apple, with the OpenHaystack app then downloading the encrypted report from Apple and decrypting it locally on the Mac.

In the process of developing this tool, the Secure Mobile Networking Lab researchers also identified a macOS Catalina ‌Find My‌ vulnerability that was reported to Apple and addressed in a 10.15.7 update released back in November. The vulnerability allowed a malicious app to access iCloud decryption keys to download and decrypt location reports submitted by the ‌Find My‌ network.

Apple's iOS 14.5 update includes support for tracking third-party Bluetooth devices in the ‌Find My‌ app using a new "Items" tab, which takes advantage of the same ‌Find My‌ protocol used for the Mac app.

At the current time, in-app tracking is limited to Beats headphones and upcoming Belkin wireless earbuds, but in the future, many third-party Bluetooth devices may include ‌Find My‌ integration, making it easier to keep track of them. This system will also be used by Apple's own rumored AirTags, which have yet to be released.

Tag: Find My Guide

Popular Stories

airpods pro 3 purple

New, Higher End AirPods Pro Coming This Year

Tuesday January 20, 2026 9:05 am PST by
Apple is planning to debut a high-end secondary version of AirPods Pro 3 this year, sitting in the lineup alongside the current model, reports suggest. Back in September 2025, supply chain analyst Ming-Chi Kuo reported that Apple is planning to introduce a successor to the AirPods Pro 3 in 2026. This would be somewhat unusual since Apple normally waits around three years to make major...
Read Full Article104 comments
smaller dynamic island iphone 18 pro Filip Vabrous%CC%8Cek

iPhone 18 Pro Leak: Smaller Dynamic Island, No Top-Left Camera Cutout

Tuesday January 20, 2026 2:34 am PST by
Over the last few months, rumors around the iPhone 18 Pro's front-panel design have been conflicted, with some supply-chain leaks pointing to under-display Face ID, reports suggesting a top-left hole-punch camera, and debate over whether the familiar Dynamic Island will shrink, shift, or disappear entirely. Today, Weibo-based leaker Instant Digital shared new details that appear to clarify the ...
Read Full Article57 comments
iOS 27 Mock Quick

iOS 27 Will Add These 8 New Features to Your iPhone

Sunday January 18, 2026 3:51 pm PST by
iOS 27 is still many months away, but there are already plenty of rumors about new features that will be included in the software update. The first beta of iOS 27 will be released during WWDC 2026 in June, and the update should be released to all users with a compatible iPhone in September. Bloomberg's Mark Gurman said that iOS 27 will be similar to Mac OS X Snow Leopard, in the sense...
Read Full Article106 comments
14 inch MacBook Pro Keyboard

MacBook Pro Buyers Now Facing Up to a Two-Month Wait Ahead of New Models

Sunday January 18, 2026 6:50 pm PST by
MacBook Pro availability is tightening on Apple's online store, with select configurations facing up to a two-month delivery timeframe in the United States. A few 14-inch and 16-inch MacBook Pro configurations with an M4 Pro chip are not facing any shipping delay, but estimated delivery dates for many configurations with an M4 Max chip range from February 6 to February 24 or even later. At...
Read Full Article86 comments
Liquid Glass App Store Feature

App Store and Apple TV Experiencing Outage

Tuesday January 20, 2026 4:36 pm PST by
Apple's App Store, iTunes Store, and Apple TV service are experiencing an outage at the current time, according to Apple's System Status page. Apple says that some users may be experiencing issues with the App Store and iTunes Store. Apple also says some users may be seeing intermittent issues with Apple TV. The Apple TV Channels feature is down too, and users may be unable to access some...
Read Full Article42 comments

Top Rated Comments

Apple_Robert Avatar
Apple_Robert
64 months ago

This is good stuff guys! Apple is on top of it
Apple is on top of it? What does that mean?
Score: 7 Votes (Like | Disagree)
coolfactor Avatar
coolfactor
64 months ago
This strikes me as concerning.
Score: 6 Votes (Like | Disagree)
Corsig Avatar
Corsig
64 months ago
Yeah that won’t last long
Score: 5 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
64 months ago

The privacy.. security...
The article is about a couple of researchers creating an app that reverse engineers Find My. This isn't awesome stuff. This is concerning.

Edited to correct my misunderstanding.
Score: 5 Votes (Like | Disagree)
cmaier Avatar
cmaier
64 months ago

Awesome! Let’s hope Apple don’t try to patch this.
Why not? Security holes are bad. Anyone who wants to integrate into the Find My network can do so the official way.
Score: 5 Votes (Like | Disagree)
Apple_Robert Avatar
Apple_Robert
64 months ago

Awesome! Let’s hope Apple don’t try to patch this.
I hope Apple does patch the vulnerability and render this app useless.
Score: 4 Votes (Like | Disagree)
Read All Comments