Date: 2025-02-27

Apple’s Find My network is an incredibly useful bit of software, giving users a way to track down their missing devices and accessories — including AirTags, iPhones and even certain kinds of headphones.

Unfortunately, it may not have been quite as secure as Apple had hoped, thanks to a serious exploit that was uncovered by researchers at George Mason University.

According to the researchers, this exploit would have allowed hackers to turn any Bluetooth device into an AirTag "without the owner ever realizing it." This would essentially let hackers track users through the Find My network without their knowledge, and without the usual protections Apple has in place against AirTag stalking.

How this exploit works

The hack effectively turns any Bluetooth enabled device into a fake AirTag (Image credit: Apple)

Normally, AirTags are designed to change their Bluetooth address based on a specific cryptographic key. Unfortunately, researchers were able to develop a system that could find keys for those Bluetooth addresses, aided by “hundreds” of GPUs that could calculate a key match.

Dubbed “nRootTag,” this exploit had a frighteningly high success rate of 90% and was able to track down devices “within minutes.”

One experiment even saw researchers track the location of a computer within 10 feet, and they were later able to trace a moving e-bike as it was ridden on city streets. Another experiment let them recreate the path of a person’s flight by tracking a games console.

Proximity wasn’t a factor either, with hackers able to do all this from thousands of miles away.

As terrifying as it is that hackers could track your location so easily (or sell access to others), researchers pointed out that it could go much further than that. “While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location. With the attack method we introduced, the attacker can achieve this.”

What happens next?


The George Mason team informed Apple of this exploit last July. While Apple acknowledged the work of the team in the iOS 18.2 release notes, the exploit hasn’t actually been fixed yet — nor has Apple addressed how it will fix the problem. The problem is that even if Apple were to develop a fix tomorrow, the research team noted that the fix may take years to roll out to everyone — because Apple can’t force people to install updates.

It’s not clear whether this exploit has actually been utilized by bad actors, but the fact it exists is frightening enough. Researchers advise that until an update can be developed, users stay cautious about granting apps Bluetooth permissions.

They should also keep software up to date and “consider privacy-focused operating systems for better protection against prying eyes.”