{"id":52200,"date":"2025-02-27T04:28:15","date_gmt":"2025-02-27T03:28:15","guid":{"rendered":"https:\/\/www.apfelpatient.de\/?p=52200"},"modified":"2025-02-27T04:28:19","modified_gmt":"2025-02-27T03:28:19","slug":"hackers-use-apple-feature-to-leave-bluetooth-devices-unprotected","status":"publish","type":"post","link":"https:\/\/www.apfelpatient.de\/en\/news\/hacker-nutzen-apple-feature-aus-bluetooth-geraete-ungeschuetzt","title":{"rendered":"Hackers exploit Apple feature: Bluetooth devices unprotected"},"content":{"rendered":"

Apple has been touting high security standards and data protection policies for years. But a new exploit in the "Find My Network" shows that even Apple systems are not invulnerable. Researchers at George Mason University have discovered a vulnerability that allows hackers to track any Bluetooth device unnoticed. This means that smartphones, laptops or even game consoles can be turned into a kind of AirTag without the owner's consent.<\/strong><\/p>\n\n\n\n

The Find My Network is a handy feature for Apple users. It helps to find lost or stolen devices by using a decentralized location system. Devices like AirTags send out Bluetooth signals that are received by other Apple devices nearby. These then transmit the location anonymously to the Apple server, where the owner can retrieve it. However, this system can be abused. Researchers have<\/a> discovered that any Bluetooth device can be manipulated to behave like an AirTag, making it possible for hackers to locate a device and track its movements without the owner's knowledge.<\/p>\n\n\n\n

The exploit: How the attack works<\/h4>\n\n\n\n

The vulnerability is based on the fact that Apple devices rely on certain Bluetooth keys to identify a device in the Find My network. Hackers have now found a way to calculate these keys. This is done using a system called nRootTag. The researchers used hundreds of graphics processing units (GPUs) to decrypt matching Bluetooth keys. Once they have found the right key, they can impersonate any Bluetooth device as an AirTag and use it to track its location remotely. The attack has a success rate of 90% and does not require advanced administrator rights. This means that even less experienced hackers would be able to exploit this exploit. <\/p>\n\n\n\n

Disturbing findings: Hackers can track entire routes<\/h4>\n\n\n\n

In tests, the research team was able to track various devices with high precision. A laptop could be located with an accuracy of three meters. In another experiment, a bicycle could be tracked through a city. Particularly worrying was the attempt to track a game console during a flight, which made it possible to reconstruct the passenger's entire route. But the potential risks go even further. Smart locks or other security-relevant devices could also be affected. For example, if an attacker knows where an electronic door lock is located, this could endanger the security of residential or commercial premises.<\/p>\n\n\n\n

Apple's reaction and the ongoing danger<\/h4>\n\n\n\n

The researchers informed Apple about the vulnerability in July 2024 and recommended improving Bluetooth authentication in the Find My Network. Apple has officially acknowledged the discovery, but there is currently no solution to the problem. A major obstacle is that many users do not update their devices regularly. So even if Apple releases an update, the vulnerability will potentially remain usable for years.<\/p>\n\n\n\n

How you can protect yourself<\/h4>\n\n\n\n

Although Apple has not yet provided a solution, there are some steps you can take to better protect your device:<\/p>\n\n\n\n