Researchers from George Mason University have uncovered a shocking vulnerability in Apple’s Find My network. The vulnerability could let hackers track nearly any device including laptops, smartphones, and even gaming consoles without the owner’s knowledge. The attack is called nRootTag and can turn any device into a hidden AirTag.
Find My is designed to help Apple users locate lost devices, but hackers have found a way to exploit it. Normally, AirTags send Bluetooth signals to nearby Apple devices, which then relay their location anonymously to the owner. The nRootTag attack tricks Apple’s system into thinking a target device is an AirTag. Thus it makes it trackable through the Find My network.
During testing. the researchers were able to locate a stationary computer within 10 feet, track an e-bike’s route across a city, trace a gaming console’s exact flight path, and even identify the flight number.
This means attackers could use the technique to track smart locks, IoT devices, corporate laptops, and personal phones. This is a serious privacy risk and could be used for stalking, espionage, and even national security threats.
Read: Best Indian WordPress Hosting Service Providers
What makes nRootTag especially concerning is its 90% success rate and how quickly it works. Instead of changing a device’s Bluetooth address, the researchers reverse-engineered Apple’s cryptographic key system to make the tracking key adapt to the device’s Bluetooth address. This allows them to “register” a non-Apple device onto Find My’s network and use it for tracking. To make this process even faster, they used hundreds of rented GPUs to crack encryption keys, similar to how cryptocurrency mining works.
Apple acknowledged the issue in security updates but hasn’t detailed how it plans to fix it. Even after a fix is rolled out, researchers warn that many users delay or avoid updates. This makes their devices vulnerable.
If you want to avoid falling for this hack, you should disable Bluetooth when not in use and be cautious of apps requesting Bluetooth access unnecessarily.
