Apple’s Offline Finding (OF) technology uses online finder devices running the ‘Find My’ app to detect, over Bluetooth, the location of missing offline devices (for instance iPads and AirTags). The security and privacy of Apple’s Bluetooth location-tracking system earned praise from researchers who nevertheless discovered two flaws in the technology.
Computer scientists from the Technische Universität Darmstadt in Germany uncovered several issues in what was the first comprehensive security and privacy analysis of Apple’s OF technology. During the analysis, the scientists mapped out the design of the closed-source protocols using reverse engineering techniques. Their findings showed that an attacker could gain unauthorised access to the location reports of a device. Such access allows for accurate device tracking and gives attackers access to a user’s frequently visited locations. These distinct design and implementation flaws could lead to a ‘location correlation attack’.