Researchers Uncover Exploit Allowing Tracking of Any Bluetooth Device via Apple’s Find My Network

The vulnerability, dubbed 'nRootTag,' enables hackers to turn Bluetooth devices into tracking beacons without user consent, raising significant privacy concerns.

George Mason University researchers discovered a flaw in Apple's Find My network that lets hackers track any Bluetooth-enabled device by exploiting cryptographic vulnerabilities.
The exploit, named 'nRootTag,' tricks the network into identifying ordinary Bluetooth devices as AirTags, enabling precise tracking with 90% accuracy within 10 feet.
The attack can be executed remotely without physical access or administrator privileges, using rented GPUs to manipulate cryptographic keys at a relatively low cost.
Apple acknowledged the vulnerability in July 2024 and credited the researchers in iOS 18.2 release notes, but a comprehensive fix has not yet been implemented.
Experts warn that the flaw may persist for years due to delayed software updates by users, and recommend limiting Bluetooth permission grants and keeping devices updated to mitigate risks.