Monday, May 12, 2025
HomeAppleApple's "Find My Network" Can be Abused to Exfiltrate Data From Nearby...

Apple’s “Find My Network” Can be Abused to Exfiltrate Data From Nearby Apple Devices

Published on

SIEM as a Service

Follow Us on Google News

The security experts at Positive Security have recently detected a new exploit known as Send My in Apple’s Find My network for data transfer. 

Apple’s Find My network is a crowdsourced location tracking system, and it works via Bluetooth Low Energy (BLE), so, it works even if the device is not connected to the internet and if there is no data connection.

To keep it active it broadcast a special Bluetooth signal outside, that can be detected and recognized by other nearby Apple devices. Such signals are sent even in sleep mode and then transmitted by other users to Apple servers.

- Advertisement - Google News

Send My exploit

The cybersecurity researchers experts from the Darmstadt University of Technology in Germany published a research paper in March of this year that scattered light on several vulnerabilities.

While the specialists at Positive Security firm were able to develop an idea after analyzing the research paper of the Technical University of Darmstadt to exploit Apple’s Find My network. 

As a result, they manage to develop an exploit, “Send My,” to perform an attack on Apple’s Find My network to transfer arbitrary data from the nearby Apple devices.

Fabian Bräunlein, the co-founder of Positive Security has claimed that the connection between the AirTag and the Apple device is always secured with an Elliptic Curve key pair, but, the twist comes here is that the owner’s device isn’t able to identify which key AirTag is using.

For this, a whole list of keys that have recently been used by AirTag is generated, and their SHA256 hashes are also requested from Apple’s Find My network.

Here, the mentioned location reports can only be decrypted with the correct private key, however, the researchers found that they can check if reports exist for a specific SHA256 hash in principle.

To support this proof-of-concept the analysts have used ESP32 microcontroller firmware-based tool, “OpenHaystack” and macOS application designed to retrieve, decode and display transmitted data.

And here to retrieve the data from a macOS device, you need to use the Apple Mail plugin, which works with elevated privileges. Not only that, even the user must install the OpenHaystack tool and run the DataFetcher for the macOS app created by BRÄUNLEIN to view such unauthorized broadcasts.

Apart from this, the Send My attack can hardly be called high-speed arbitrary data transmission exploit, as the average data transfer rate of this attack is about 3 bytes per second. 

While the data transfer occurs with a delay of 1 to 60 minutes, depending on the number of nearby Apple devices.

Mitigation

The co-founder of the Positive Security, FABIAN BRÄUNLEIN believes that with the help of the Send My attack, it is possible to create an analogue of the  Amazon Sidewalk based on Apple’s network infrastructure. 

However, the Send My exploit can be exceptionally useful for retrieving the data from closed systems and networks.

So, to protect against such attacks, the cybersecurity analysts have recommended some mitigations, and here they are mentioned below:-

  • Authentication of the BLE advertisement
  • Rate limiting of the location report retrieval

These are only recommendations that are provided by the researchers to remain protected against these types of attacks.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Balaji
Balaji
BALAJI is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity. Editor-in-Chief & Co-Founder - Cyber Security News & GBHackers On Security.

Latest articles

Lumma Stealer Upgraded with PowerShell Tools and Advanced Evasion Techniques

Sophos Managed Detection and Response (MDR) in September 2024, the notorious Lumma Stealer malware...

New Noodlophile Malware Spreads Through Fake AI Video Generation Platforms

Cybercriminals have unleashed a new malware campaign using fake AI video generation platforms as...

Kimsuky Hacker Group Deploys New Phishing Techniques and Malware Campaigns

The North Korean state-sponsored Advanced Persistent Threat (APT) group Kimsuky, also known as “Black...

APT37 Hackers Use Weaponized LNK Files and Dropbox for Command-and-Control Operations

The North Korean state-sponsored hacking group APT37, also known as ScarCruft, launched a spear...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

CISA Issues Alert on Actively Exploited Apple 0-Day Vulnerabilities

The Cybersecurity and Infrastructure Security Agency (CISA) has issued a high-priority warning regarding two...

2 Apple Zero-Day Vulnerabilities Actively Exploited in “Extremely” Sophisticated iOS Attacks

Apple has urgently rolled out iOS 18.4.1 and iPadOS 18.4.1 to patch two zero-day...

Hackers Conceal NFC Carders Behind Apple Pay and Google Wallet

In a disturbing evolution of financial fraud, cybercriminals are leveraging advanced techniques to exploit...