Researcher finds Find My ‘loophole’ to send messages over any iPhone's data plan
A security researcher discovered that Apple's Find My network can also be used to send messages, by spoofing broadcasts so that they appear to have been sent from an AirTag.
Apple recently launched the AirTag, its first wireless object tracker, shortly after it officially opened up its Find My network to third-party products in April. A security researcher has now managed to spoof the way an AirTag communicates with the Find My network to send messages over the mobile network of a nearby iPhone.
According to a report by 9to5Mac, security researcher Fabian Bräunlein discovered that Apple's Find My network can be “exploited” to allow data to be sent over the network. This could result in the data plan of any nearby iPhone user being used without their permission, as long as the iPhone had Apple's Find My enabled. This data was then sent over the company's network and finally read on a Mac.
Bräunlein documented the exploit in a blog post titled “Send My: Arbitrary data transmission via Apple's Find My network”. He explains that the device tracking network allows arbitrary data to be transmitted (even from non-internet-connected devices) with the help of encrypted Find My BLE (Bluetooth Low Energy) broadcasts. Instead of sending GPS coordinates, the Send My device sent strings of data over the Find My network.
There doesn't seem to be a high risk of exploitation, as the Find My broadcasts it relies on are rather small, so users might not even notice if they have been affected by a ‘Send My’ attack. However, there appears to be very little that Apple can do to shut down the exploit on the Find My offline network, because of the inherent privacy and security mechanisms put in place, such as end-to-end encryption.