Jaysu
Banned
- Joined
- 21.09.20
- Messages
- 121
- Reaction score
- 776
- Points
- 63
Exploiting the vulnerabilities allowed unauthorized access to the location history of Apple device users over the past seven days.
Cybersecurity researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt (Germany) identified two problems in the design and implementation of Apple's crowdsourced Bluetooth location tracking system that allowed unauthorized access to users ' location history over the past seven days.
Apple devices come with the Find My feature, which makes it easier for users to find other Apple products, including the iPhone, iPad, iPod touch, Apple Watch, Mac, or AirPods. The location tracking feature, dubbed "offline search" and introduced in 2019, transmits Bluetooth Low Energy (BLE) signals from Apple devices, allowing other devices in close proximity to transmit their location to the tech giant's servers.
Offline downloading turns every mobile device into a broadcast beacon, specifically designed to track movements through the use of a crowdsourcing mechanism that is anonymous and protected by end-to-end encryption. This is achieved by rotating the keys (public and private pairs) that are generated by each device that emits Bluetooth signals, encoding the public key with it. The key information is subsequently synced via iCloud to all other Apple devices associated with the same user.
Since this approach involves setting up public key encryption (PKE), even Apple can't decrypt the user's location data. According to the researchers, such a design allows Apple to correlate the location of different owners, if their location is reported by the same search devices.
"Law enforcement agencies can use this problem to de-anonymize participants in (political) demonstrations, even when participants put their phones on airplane mode. Malicious applications for macOS can extract and decrypt the location reports of the last seven days for all users and for all their devices, since the keys of cached "sliding" ads are stored in the file system in clear text, " the experts explained.
In other words, a vulnerability in macOS Catalina (CVE-2020-9986) could allow an attacker to gain access to decryption keys, using them to download and decrypt location reports sent by the Find My network, and ultimately to detect and identify victims with high accuracy. The vulnerability was fixed by Apple in November 2020 in macOS version 10.15.7 with "improved access restrictions".
The second problem discovered is an application that allows anyone to create an AirTag search tracker. A framework called OpenHaystack lets you track your personal Bluetooth devices through Apple's huge Find My network and create custom tracking tags that you can add to physical objects or integrate with other Bluetooth-enabled devices.
Experts reported their findings to Apple last year, and the company fixed the problems.
Cybersecurity researchers from the Secure Mobile Networking Lab at the Technical University of Darmstadt (Germany) identified two problems in the design and implementation of Apple's crowdsourced Bluetooth location tracking system that allowed unauthorized access to users ' location history over the past seven days.
Apple devices come with the Find My feature, which makes it easier for users to find other Apple products, including the iPhone, iPad, iPod touch, Apple Watch, Mac, or AirPods. The location tracking feature, dubbed "offline search" and introduced in 2019, transmits Bluetooth Low Energy (BLE) signals from Apple devices, allowing other devices in close proximity to transmit their location to the tech giant's servers.
Offline downloading turns every mobile device into a broadcast beacon, specifically designed to track movements through the use of a crowdsourcing mechanism that is anonymous and protected by end-to-end encryption. This is achieved by rotating the keys (public and private pairs) that are generated by each device that emits Bluetooth signals, encoding the public key with it. The key information is subsequently synced via iCloud to all other Apple devices associated with the same user.
Since this approach involves setting up public key encryption (PKE), even Apple can't decrypt the user's location data. According to the researchers, such a design allows Apple to correlate the location of different owners, if their location is reported by the same search devices.
"Law enforcement agencies can use this problem to de-anonymize participants in (political) demonstrations, even when participants put their phones on airplane mode. Malicious applications for macOS can extract and decrypt the location reports of the last seven days for all users and for all their devices, since the keys of cached "sliding" ads are stored in the file system in clear text, " the experts explained.
In other words, a vulnerability in macOS Catalina (CVE-2020-9986) could allow an attacker to gain access to decryption keys, using them to download and decrypt location reports sent by the Find My network, and ultimately to detect and identify victims with high accuracy. The vulnerability was fixed by Apple in November 2020 in macOS version 10.15.7 with "improved access restrictions".
The second problem discovered is an application that allows anyone to create an AirTag search tracker. A framework called OpenHaystack lets you track your personal Bluetooth devices through Apple's huge Find My network and create custom tracking tags that you can add to physical objects or integrate with other Bluetooth-enabled devices.
Experts reported their findings to Apple last year, and the company fixed the problems.