Apple’s Find My Network Could Be Exploited to Send Text Messages to Nearby Devices, Security Researcher Finds

0

Apple’s Discover My community might be exploited to broadcast arbitrary messages to close by Apple gadgets, a safety researcher has discovered. The community is formally meant to assist individuals discover their misplaced gadgets. It’s claimed to have “business main safety” in addition to end-to-end encryption. Nevertheless, analysis exhibits that the Discover My community can allow a strategy to ship any textual content messages — and never location particulars — to close by gadgets together with iPhone, iPad, and Mac.

Safety researcher Fabian Bräunlein has found a loophole that permits exploitation of the Find My network protocol to ship regular textual content messages to close by gadgets. The researcher was in a position to transmit textual content messages by replicating the best way an AirTag communicates over the crowdsourced community and sends its GPS coordinates as an encrypted message.

Bräunlein took reference from a latest study performed by Germany’s Technical College (TU) of Darmstadt that was aimed to assist builders construct equipment for the Discover My community. After understanding the protocol powering the community, the researcher developed a customized machine with a microcontroller working a proprietary firmware to transmit the message. He additionally constructed a customized Mac app to decode and show the message from the machine.

The proof-of-concept created by Bräunlein basically replaces the placement knowledge that the Discover My community usually broadcasts with textual content strings.

It’s unclear at this second whether or not the mannequin developed by the researcher might be used to flow into malicious content material over the Discover My community. Nevertheless, the in depth analysis performed by Bräunlein exhibits that the protocol utilized by Apple might be moulded to broadcast not location knowledge however content material resembling textual content messages.

Earlier this week, a German safety researcher reported that the Apple AirTag might be hacked to switch the default Discover My hyperlink with a customized hyperlink for NFC readers. This manipulation was comparable in nature to what has now been discovered on the Discover My community.


We dive into all issues Apple — iPad Professional, iMac, Apple TV 4K, and AirTag — this week on Orbital, the Devices 360 podcast. Orbital is obtainable on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.

For the newest tech news and reviews, observe Devices 360 on Twitter, Facebook, and Google News. For the newest movies on devices and tech, subscribe to our YouTube channel.


Jagmeet Singh writes about shopper expertise for Devices 360, out of New Delhi. Jagmeet is a senior reporter for Devices 360, and has regularly written about apps, laptop safety, Web companies, and telecom developments. Jagmeet is obtainable on Twitter at @JagmeetS13 or Electronic mail at jagmeets@ndtv.com. Please ship in your leads and ideas.
More

Samsung Galaxy F02s, Galaxy M02s Receive Android 11-Based One UI 3.1 Core Update in India: Reports

LEAVE A REPLY

Please enter your comment!
Please enter your name here