Wednesday, May 21, 2025
Apple’s “Find My Network” Can be Abused to Exfiltrate Data From Nearby Apple Devices

Security researchers at Positive Security have disclosed a technique, dubbed Send My, that abuses Apple’s Find My network as a channel for transferring arbitrary data.

Apple’s Find My network is a crowdsourced location-tracking system built on Bluetooth Low Energy (BLE), so it works even when the tracked device has no internet or data connection.

A tracked device broadcasts a special BLE signal that nearby Apple devices can detect and recognize. These broadcasts continue even in sleep mode, and the devices that receive them relay them to Apple’s servers.

Send My exploit

Researchers from the Technical University of Darmstadt in Germany published a paper in March of this year that shed light on several vulnerabilities in the network.

Building on that paper, the specialists at Positive Security developed an idea for exploiting Apple’s Find My network.

The result is the “Send My” exploit, which uses Apple’s Find My network to transfer arbitrary data from nearby Apple devices.

Fabian Bräunlein, co-founder of Positive Security, explained that the connection between an AirTag and the owner’s Apple device is always secured with an Elliptic Curve key pair; the twist is that the owner’s device cannot know which key the AirTag is currently using.

Instead, the owner’s device generates the whole list of keys the AirTag has recently used and requests the location reports filed under their SHA256 hashes from Apple’s Find My network.

These location reports can only be decrypted with the matching private key, but the researchers found that, in principle, anyone can check whether reports exist for a given SHA256 hash.

For their proof of concept, the analysts used firmware for the ESP32 microcontroller based on the “OpenHaystack” tool, together with a macOS application that retrieves, decodes, and displays the transmitted data.

Retrieving the data on a macOS device relies on an Apple Mail plugin, which runs with elevated privileges. The user must also install the OpenHaystack tool and run the DataFetcher macOS app created by Bräunlein to view such unauthorized broadcasts.

That said, Send My can hardly be called a high-speed data transmission exploit: its average transfer rate is about 3 bytes per second, and the data arrives with a delay of 1 to 60 minutes, depending on the number of nearby Apple devices.

Mitigation

Fabian Bräunlein, co-founder of Positive Security, believes that the Send My technique makes it possible to build an analogue of Amazon Sidewalk on top of Apple’s network infrastructure.

At the same time, the Send My exploit could prove very effective for retrieving data from closed systems and networks.

To protect against such attacks, the researchers have recommended the following mitigations:

  • Authentication of the BLE advertisement
  • Rate limiting of the location report retrieval

These are the researchers’ recommendations for staying protected against this type of attack.

Balaji

Balaji is an Ex-Security Researcher (Threat Research Labs) at Comodo Cybersecurity and Editor-in-Chief & Co-Founder of Cyber Security News & GBHackers On Security.