Researchers Make Scary Discovery About Apple’s Find My Network

Researchers at George Mason University have uncovered a way to exploit Apple’s Find My network, enabling the tracking of nearly any Bluetooth-enabled device by tricking the system into identifying it as a lost AirTag. The attack, called “nRootTag,” boasts a 90 per cent success rate and doesn’t require administrator access, making it both effective and accessible. Using affordable GPU rentals, attackers can manipulate cryptographic keys to track devices in real time, with experiments confirming its accuracy on items like laptops, e-bikes, and even devices on airplanes. Apple was informed of the vulnerability in July 2024 and has acknowledged it in security updates, though details on a fix remain unclear. Researchers recommend users update their devices regularly and limit Bluetooth permissions to mitigate risks.