Find My Network Exploit Turns Any Bluetooth Device Into a Tracker

by

George Mason University researchers claim to have uncovered a serious vulnerability in Apple's Find My network that allows hackers to track virtually any Bluetooth-enabled device without the owner's knowledge.

find my friends precision finding
Called "nRootTag," the exploit tricks the Find My network into treating ordinary Bluetooth devices as if they were AirTags, allowing hackers to turn laptops, smartphones, game controllers, VR headsets, and even e-bikes into unwitting tracking beacons.

Find My works by having AirTags and other Find My-compatible items send Bluetooth signals to nearby Apple devices, which then anonymously relay location data to Apple's servers. The researchers discovered they could manipulate cryptographic keys to make the network believe any Bluetooth device was a legitimate AirTag.

The research team found that the attack has a 90% success rate and can pinpoint a device's location within minutes. "While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location," said one of the researchers.

What makes the exploit even more concerning is that it doesn't require physical access or administrator privileges on the target device – it can actually be executed remotely. In their experiments, the team successfully tracked a stationary computer with 10-foot accuracy and even reconstructed the exact flight path of a gaming console brought onboard an airplane.

The attack does require fairly hefty computing resources – the research team used hundreds of graphics processing units to quickly find matching cryptographic keys. However, they note that this could be achieved relatively inexpensively by renting GPUs, which has become a common practice in the crypto-mining community.

The team said they notified Apple about the vulnerability in July 2024, and Apple says that it protected against the vulnerability in December software updates.

Even after Apple implements a fix, the researchers warn the vulnerability could persist for years as many users delay updating their devices. "The vulnerable Find My network will continue to exist until those devices slowly 'die out,' and this process will take years," said one researcher.

The research will be formally presented at the USENIX Security Symposium in August. The team recommends users be cautious about apps requesting Bluetooth permissions, keep their devices updated, and consider privacy-focused operating systems for better protection.

Update: This article has been updated to clarify that Apple bolstered the Find My network in December 2024 to protect against this type of attack.

Tag: Find My Guide

Popular Stories

Beyond iPhone 13 Better Triad

Apple's 20th Anniversary iPhone May Finally Go All Screen

Tuesday April 15, 2025 6:31 am PDT by
Apple is preparing a "bold" new iPhone Pro model for the iPhone's 20th anniversary in 2027, according to Bloomberg's Mark Gurman. As part of what's being described as a "major shake-up," Apple is said to be developing a design that makes more extensive use of glass – and this could point directly to the display itself. Here's the case for Apple releasing a truly all-screen iPhone with no...
Read Full Article88 comments
maxresdefault

iPhone 17 Pro Launching Later This Year With These 12 New Features

Sunday April 13, 2025 7:52 am PDT by
While the iPhone 17 Pro and iPhone 17 Pro Max are not expected to launch until September, there are already plenty of rumors about the devices. Subscribe to the MacRumors YouTube channel for more videos. Below, we recap key changes rumored for the iPhone 17 Pro models as of April 2025: Aluminum frame: iPhone 17 Pro models are rumored to have an aluminum frame, whereas the iPhone 15 Pro and ...
Read Full Article131 comments
iOS 19 Roundup Feature

iOS 19 Will Add These New Features to Your iPhone

Tuesday April 15, 2025 7:37 am PDT by
The first iOS 19 beta is less than two months away, and there are already a handful of new features that are expected with the update. Apple should release the first iOS 19 beta to developers immediately following the WWDC 2025 keynote, which is scheduled for Monday, June 9. Following beta testing, the update should be released to the general public in September. Below, we recap the key...
Read Full Article34 comments
CarPlay Hero

Apple Releases Wireless CarPlay Fix

Wednesday April 16, 2025 11:28 am PDT by
If you have been experiencing issues with wireless CarPlay in your vehicle lately, it was likely due to a software bug that has now been fixed. Apple released iOS 18.4.1 today, and the update's release notes say it "addresses a rare issue that prevents wireless CarPlay connection in certain vehicles." If wireless CarPlay was acting up for you, updating your iPhone to iOS 18.4.1 should...
Read Full Article72 comments
iphone 16 pro models 1

17 Reasons to Wait for the iPhone 17

Thursday April 17, 2025 4:12 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we often get rumored features months ahead of launch. The iPhone 17 series is no different, and we already have a good idea of what to expect from Apple's 2025 smartphone lineup. If you skipped the iPhone...
Read Full Article94 comments
Apple 2025 Thumb 1

10 Products Still Coming From Apple in 2025

Friday April 11, 2025 4:14 pm PDT by
Apple may have updated several iPads and Macs late last year and early this year, but there are still multiple new devices that we're looking forward to seeing in 2025. Most will come in September or October, but there could be a few surprises before then. We've rounded up a list of everything that we're still waiting to see from Apple in 2025. iPhone 17, 17 Air, and 17 Pro - We get...
Read Full Article60 comments
iOS 18

Apple Releases iOS 18.4.1 With Bug Fixes

Wednesday April 16, 2025 10:11 am PDT by
Apple today released iOS 18.4.1 and iPadOS 18.4.1, minor updates to the iOS 18 and iPadOS 18 operating systems that came out last September. iOS 18.4.1 and iPadOS 18.4.1 come two weeks after the launch of iOS 18.4 and iPadOS 18.4. The new software can be downloaded on eligible iPhones and iPads over-the-air by going to Settings > General > Software Update. There have been complaints about ...
Read Full Article40 comments
iPhone 6s MacRumors YouTube

Apple Says These Products Are Now Vintage

Tuesday April 15, 2025 9:53 am PDT by
Apple today updated its vintage products list to add the 2018 Mac mini and the iPhone 6s, devices that will get more limited service and repairs now that they are considered vintage. The iPhone 6s initially launched in 2015, but Apple kept it around as a low-cost device until 2018, which is why it is only now being added to the vintage list. The iPhone 6s had Apple's A9 chip, and it was...
Read Full Article77 comments
tvOS 18 Thumb 1

Apple Releases tvOS 18.4.1

Wednesday April 16, 2025 10:04 am PDT by
Apple today released tvOS 18.4.1, a minor update to the tvOS 18 operating system that came out last September. tvOS 18.4.1 comes two weeks after Apple released tvOS 18.4, and it is available for the Apple TV 4K and Apple TV HD models. tvOS 18.4.1 can be downloaded using the Settings app on the ‌Apple TV‌. Open up Settings and go to System > Software Update to get the new software....
Read Full Article13 comments

Top Rated Comments

JuicyGoomba Avatar
JuicyGoomba
7 weeks ago
But but but Timmy told me that the real threat was letting people install those pesky 3rd party app stores!

angrybabyfistshake.gif
Score: 20 Votes (Like | Disagree)
NMBob Avatar
NMBob
7 weeks ago
Finally! Something that just works!
Score: 17 Votes (Like | Disagree)
Aeronauts Avatar
Aeronauts
7 weeks ago
I’m ok. Whenever I login to my Apple account it sends me a verification message saying I am 200 miles away from where I actually am.
Score: 8 Votes (Like | Disagree)
klasma Avatar
klasma
7 weeks ago
Website: https://nroottag.github.io/

How it works (from the link above):
[LIST=1]
* Through pairing, an AirTag shares the public / private key information with the owner’s device.
* When the AirTag is separated from the paired device, it advertises its public key via BLE advertisements, known as lost messages.
* Nearby Apple devices, referred to as finders, generate encrypted location reports and send them, along with the hashed public key, to the Apple Cloud.
* The Apple Cloud allows anyone to use a hashed public key to retrieve the associated location reports, which can only be decrypted using the correct private key. To ensure anonymity, finders do not authenticate whether a lost message is sent from an Apple device.

IIUC, any program that can send BLE advertisements can make the device it’s running on trackable via Apple’s Find My network.
Score: 8 Votes (Like | Disagree)
ikramerica Avatar
ikramerica
7 weeks ago
The author does a poor job if explaining how the hack works.

How did they locate the desktop computer remotely without hacking it and:

A. and finding out it exists
B. Knowing it’s Bluetooth information
C. Broadcasting the BT to Find My as an Airtag

Also, if the Find My network sees it as an Airtag, aren’t nearby iPhone users going to get an alert that an AirTag has been near them that doesn’t belong to you?
Score: 7 Votes (Like | Disagree)
I7guy Avatar
I7guy
7 weeks ago
Interesting vulnerability. How easy or hard to deploy? What is the actual threat level? And I presume one can’t be tracked if Bluetooth is off.
Score: 5 Votes (Like | Disagree)
Read All Comments