• Skip to main content
  • Skip to secondary menu
  • Skip to primary sidebar
  • Home
  • About Us
  • Contact Us

iHash

News and How to's

  • The Complete Google Go Programming Language for Beginners Course for $13

    The Complete Google Go Programming Language for Beginners Course for $13
  • The 2022 Ultimate Project Managers Toolkit Bundle for $39

    The 2022 Ultimate Project Managers Toolkit Bundle for $39
  • Voicetapp Speech to Text Transcription: Lifetime Subscription for $59

    Voicetapp Speech to Text Transcription: Lifetime Subscription for $59
  • PDF Reader Pro Smart PDF Editor & Converter Tool: Premium License (For Windows) for $39

    PDF Reader Pro Smart PDF Editor & Converter Tool: Premium License (For Windows) for $39
  • Microsoft Office Pro for Windows 2021 + HP EliteBook + Certificate Course Bundle for $666

    Microsoft Office Pro for Windows 2021 + HP EliteBook + Certificate Course Bundle for $666
  • News
    • Rumor
    • Design
    • Concept
    • WWDC
    • Security
    • BigData
  • Apps
    • Free Apps
    • OS X
    • iOS
    • iTunes
      • Music
      • Movie
      • Books
  • How to
    • OS X
      • OS X Mavericks
      • OS X Yosemite
      • Where Download OS X 10.9 Mavericks
    • iOS
      • iOS 7
      • iOS 8
      • iPhone Firmware
      • iPad Firmware
      • iPod touch
      • AppleTV Firmware
      • Where Download iOS 7 Beta
      • Jailbreak News
      • iOS 8 Beta/GM Download Links (mega links) and How to Upgrade
      • iPhone Recovery Mode
      • iPhone DFU Mode
      • How to Upgrade iOS 6 to iOS 7
      • How To Downgrade From iOS 7 Beta to iOS 6
    • Other
      • Disable Apple Remote Control
      • Pair Apple Remote Control
      • Unpair Apple Remote Control
  • Special Offers
  • Contact us

Bug in Apple’s Find My Feature Could’ve Exposed Users’ Location Histories

Mar 5, 2021 by iHash Leave a Comment

Cybersecurity researchers on Thursday disclosed two distinct design and implementation flaws in Apple’s crowdsourced Bluetooth location tracking system that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, thereby by deanonymizing users.

The findings are a consequence of an exhaustive review undertaken by the Open Wireless Link (OWL) project, a team of researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt, Germany, who have historically taken apart Apple’s wireless ecosystem with the goal of identifying security and privacy issues.

In response to the disclosures on July 2, 2020, Apple is said to have partially addressed the issues, stated the researchers, who used their own data for the study citing privacy implications of the analysis.

How Find My Works?

Apple devices come with a feature called Find My that makes it easy for users to locate other Apple devices, including iPhone, iPad, iPod touch, Apple Watch, Mac, or AirPods. With the upcoming iOS 14.5, the company is expected to add support for Bluetooth tracking devices — called AirTags — that can be attached to items like keys and wallets, which in turn can be used for tracking purposes right from within the Find My app.

What’s more interesting is the technology that undergirds Find My. Called offline finding and introduced in 2019, the location tracking feature broadcasts Bluetooth Low Energy (BLE) signals from Apple devices, allowing other Apple devices in close proximity to relay their location to Apple’s servers.

Put differently, offline loading turns every mobile device into a broadcast beacon designed explicitly to shadow its movements by leveraging a crowdsourced location tracking mechanism that’s both end-to-end encrypted and anonymous, so much so that no third-party, including Apple, can decrypt those locations and build a history of every user’s whereabouts.

This is achieved via a rotating key scheme, specifically a pair of public-private keys that are generated by each device, which emits the Bluetooth signals by encoding the public key along with it. This key information is subsequently synchronized via iCloud with all other Apple devices linked to the same user (i.e., Apple ID).

A nearby iPhone or iPad (with no connection to the original offline device) that picks up this message checks its own location, then encrypts the information using the aforementioned public key before sending it to the cloud along with a hash of the public key.

In the final step, Apple sends this encrypted location of the lost device to a second Apple device signed in with the same Apple ID, from where the owner can use the Find My app to decrypt the reports using the corresponding private key and retrieve the last known location, with the companion device uploading the same hash of the public key to find a match in Apple’s servers.

Issues with Correlation and Tracking

Since the approach follows a public key encryption (PKE) setup, even Apple cannot decrypt the location as it’s not in possession of the private key. While the company has not explicitly revealed how often the key rotates, the rolling key pair architecture makes it difficult for malicious parties to exploit the Bluetooth beacons to track users’ movements.

But OWL researchers said the design allows Apple — in lieu of being the service provider — to correlate different owners’ locations if their locations are reported by the same finder devices, effectively allowing Apple to construct what they call a social graph.

“Law enforcement agencies could exploit this issue to deanonymize participants of (political) demonstrations even when participants put their phones in flight mode,” the researchers said, adding “malicious macOS applications can retrieve and decrypt the [offline finding] location reports of the last seven days for all its users and for all of their devices as cached rolling advertisement keys are stored on the file system in cleartext.”

In other words, the macOS Catalina vulnerability (CVE-2020-9986) could allow an attacker to access the decryption keys, using them to download and decrypt location reports submitted by the Find My network, and ultimately locate and identify their victims with high accuracy. The weakness was patched by Apple in November 2020 (version macOS 10.15.7) with “improved access restrictions.”

A second outcome of the investigation is an app that’s designed to let any user create an “AirTag.” Called OpenHaystack, the framework allows for tracking personal Bluetooth devices via Apple’s massive Find My network, enabling users to create their own tracking tags that can be appended to physical objects or integrated into other Bluetooth-capable devices.

This is not the first time researchers from Open Wireless Link (OWL) have uncovered flaws in Apple’s closed-source protocols by means of reverse engineering.

In May 2019, the researchers disclosed vulnerabilities in Apple’s Wireless Direct Link (AWDL) proprietary mesh networking protocol that permitted attackers to track users, crash devices, and even intercept files transferred between devices via man-in-the-middle (MitM) attacks.

This was later adapted by Google Project Zero researcher Ian Beer to uncover a critical “wormable” iOS bug last year that could have made it possible for a remote adversary to gain complete control of any Apple device in the vicinity over Wi-Fi.

Source link

Share this:

  • Facebook
  • Twitter
  • Pinterest
  • LinkedIn

Filed Under: Security Tagged With: Apples, bug, computer security, Couldve, cyber attacks, cyber news, cyber security news, cyber security news today, cyber security updates, cyber updates, data breach, Exposed, feature, find, hacker news, hacking news, Histories, how to hack, information security, Location, network security, ransomware malware, software vulnerability, the hacker news, Users

Special Offers

  • The Complete Google Go Programming Language for Beginners Course for $13

    The Complete Google Go Programming Language for Beginners Course for $13
  • The 2022 Ultimate Project Managers Toolkit Bundle for $39

    The 2022 Ultimate Project Managers Toolkit Bundle for $39
  • Voicetapp Speech to Text Transcription: Lifetime Subscription for $59

    Voicetapp Speech to Text Transcription: Lifetime Subscription for $59
  • PDF Reader Pro Smart PDF Editor & Converter Tool: Premium License (For Windows) for $39

    PDF Reader Pro Smart PDF Editor & Converter Tool: Premium License (For Windows) for $39
  • Microsoft Office Pro for Windows 2021 + HP EliteBook + Certificate Course Bundle for $666

    Microsoft Office Pro for Windows 2021 + HP EliteBook + Certificate Course Bundle for $666

Reader Interactions

Leave a Reply Cancel reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Primary Sidebar

E-mail Newsletter

  • Facebook
  • GitHub
  • Instagram
  • Pinterest
  • Twitter
  • YouTube

More to See

eBook: Unlock Complex and Streaming Data with Declarative Data Pipelines 

Aug 13, 2022 By iHash

Chinese Hackers Backdoored MiMi Chat App to Target Windows, Linux, macOS Users

Aug 13, 2022 By iHash

Tags

* Apple Cisco computer security cyber attacks cyber crime cyber news Cyber Security cybersecurity cyber security news cyber security news today cyber security updates cyber threats cyber updates data breach data breaches google hacker hacker news Hackers hacking hacking news how to hack incident response information security iOS 7 iOS 8 iPhone iPhone 6 Malware microsoft network security Privacy ransomware malware risk management Secure security security breaches security vulnerabilities software vulnerability the hacker news Threat update video web applications

Latest

The Complete Google Go Programming Language for Beginners Course for $13

Expires August 14, 2122 23:59 PST Buy now and get 93% off KEY FEATURES There are an endless number of programming languages out there, and new ones are added on an almost daily basis. To keep on top of the game and broaden your skill set, picking up a few of these new languages never […]

5 ways ecommerce technology can be your competitive advantage

5 ways ecommerce technology can be your competitive advantage

Does your organization consider your tech stack a competitive edge? It should. The right technology empowers your business to offer goods and services that your customers want, in a way that others in your industry can’t match.  This is especially critical in ecommerce. According to a new study from Wakefield Research, “78% of shoppers encounter […]

Researchers Uncover UEFI Secure Boot Bypass in 3 Microsoft Signed Boot Loaders

A security feature bypass vulnerability has been uncovered in three signed third-party Unified Extensible Firmware Interface (UEFI) boot loaders that allow bypass of the UEFI Secure Boot feature. “These vulnerabilities can be exploited by mounting the EFI System Partition and replacing the existing bootloader with the vulnerable one, or modifying a UEFI variable to load […]

Conti Cybercrime Cartel Using ‘BazarCall’ Phishing Attacks as Initial Attack Vector

Three different offshoots of the notorious Conti cybercrime cartel have resorted to the technique of call-back phishing as an initial access vector to breach targeted networks. “Three autonomous threat groups have since adopted and independently developed their own targeted phishing tactics derived from the call back phishing methodology,” cybersecurity firm AdvIntel said in a Wednesday […]

Eric Thomas

How to Grow Your Own Security Talent

The cyberthreat landscape has expanded in recent years, accelerated by enterprises promoting remote work and more reliance on cloud computing. These are a business necessity, and yet, facing down cybersecurity threats often doesn’t come with an expansion of resources to address them. In a future post, I’ll discuss more about the Security Poverty Line, and […]

Why You Should Add DevOps Metrics to Your Data Fabric

Making DevOps data more visible and easily accessible helps teams improve their software delivery and gives them an edge over their competitors. According to the recently released analysis of data collected from more than 250,000 developers worldwide, developers code a median of 52 minutes per day on workdays. That translates to a total of four […]

Jailbreak

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.2.0

Pangu has updated its jailbreak utility for iOS 9.0 to 9.0.2 with a fix for the manage storage bug and the latest version of Cydia. Change log V1.2.0 (2015-10-27) 1. Bundle latest Cydia with new Patcyh which fixed failure to open url scheme in MobileSafari 2. Fixed the bug that “preferences -> Storage&iCloud Usage -> […]

Apple Blocks Pangu Jailbreak Exploits With Release of iOS 9.1

Apple has blocked exploits used by the Pangu Jailbreak with the release of iOS 9.1. Pangu was able to jailbreak iOS 9.0 to 9.0.2; however, in Apple’s document on the security content of iOS 9.1, PanguTeam is credited with discovering two vulnerabilities that have been patched.

Pangu Releases Updated Jailbreak of iOS 9 Pangu9 v1.1.0

  Pangu has released an update to its jailbreak utility for iOS 9 that improves its reliability and success rate.   Change log V1.1.0 (2015-10-21) 1. Improve the success rate and reliability of jailbreak program for 64bit devices 2. Optimize backup process and improve jailbreak speed, and fix an issue that leads to fail to […]

Activator 1.9.6 Released With Support for iOS 9, 3D Touch

  Ryan Petrich has released Activator 1.9.6, an update to the centralized gesture, button, and shortcut manager, that brings support for iOS 9 and 3D Touch.

Copyright iHash.eu © 2022
We use cookies on this website. By using this site, you agree that we may store and access cookies on your device. Accept Read More
Privacy & Cookies Policy

Privacy Overview

This website uses cookies to improve your experience while you navigate through the website. Out of these, the cookies that are categorized as necessary are stored on your browser as they are essential for the working of basic functionalities of the website. We also use third-party cookies that help us analyze and understand how you use this website. These cookies will be stored in your browser only with your consent. You also have the option to opt-out of these cookies. But opting out of some of these cookies may affect your browsing experience.
Necessary
Always Enabled
Necessary cookies are absolutely essential for the website to function properly. This category only includes cookies that ensures basic functionalities and security features of the website. These cookies do not store any personal information.
Non-necessary
Any cookies that may not be particularly necessary for the website to function and is used specifically to collect user personal data via analytics, ads, other embedded contents are termed as non-necessary cookies. It is mandatory to procure user consent prior to running these cookies on your website.
SAVE & ACCEPT