Particle.news

Download on the App Store

Researchers Uncover Major Security Flaw in Apple’s Find My Network

A vulnerability allows hackers to remotely track nearly any Bluetooth device by exploiting the network's core functionality.

Image
The researchers reached out to Apple to inform the company about the flaw in July 2024
Image

Overview

  • George Mason University researchers discovered the 'nRootTag' exploit, which tricks Apple's Find My network into treating ordinary Bluetooth devices as AirTags.
  • The exploit enables remote tracking of devices such as laptops, gaming consoles, and VR headsets with up to 10-foot accuracy.
  • The attack leverages cryptographic key manipulation and requires no physical access to the target device, making it particularly dangerous.
  • Apple was notified of the flaw in July 2024 but has yet to release a patch, citing the complexity of fixing the issue without impairing the network's core functionality.
  • Experts recommend keeping devices updated, limiting Bluetooth permissions, and considering privacy-focused operating systems as temporary safeguards.