Researcher finds Find My ‘loophole’ to send messages over any iPhone's data plan

Apple recently launched the AirTag, its first wireless object tracker, shortly after it officially opened up its Find My network to third party products in April. A security researcher has now managed to spoof the way an AirTag communicates with the Find My network to send messages over the mobile network of a nearby iPhone.

Also read: How to find and disable an AirTag that is being used to track your location

Discovered by security researcher Fabian Braunlien, Apple's Find My network can be “exploited” to allow data to be sent over the network, according to a report by 9to5Mac which could result in any data plan of a nearby iPhone user being used without their permission -- as long as it had Apple's Find My enabled. This data was then sent over the company's network and finally read on a Mac.

Braunlien documented the exploit in a blog post, in a report titled “Send My: Arbitrary data transmission via Apple's Find My network”. He explains that the device tracking network allows for arbitrary data (even from non-internet connected devices) with the help of Find My BLE (Bluetooth Low Energy) broadcasts that are encrypted. Instead of sending GPS coordinates, the Send My device sent strings of data over the Find My network.

Read more: Researcher manages to hack Apple AirTags Bluetooth tracker with custom NFC URL

While there doesn't seem to be a high risk of being exploited as the Find My broadcasts it relies on are rather small, so users might not even notice if they have been affected by a ‘Send My' attack. However, there appears to be very little that Apple can do to shut down the exploits on the Find My offline network, thanks to its inherent privacy and security mechanisms put in place – such as end-to-end encryption.