Abstract
Apple's Find My protocol allows lost devices, such as AirTags, to relay their location to their owners via a network of over a billion active Apple devices. This convenient feature for device owners may also be a tool for malicious actors to cheaply and effectively track unknowing targets. Apple has introduced a featured known as "item safety alerts"to prevent AirTags from being used this way. We demonstrate that it is possible to create a custom device, with similar features to an AirTag in terms of cost, size, and battery life, which can participate in and be tracked by Apple's Find My network while not triggering any item safety alerts. This implies that Apple's protection mechanism is insufficient. We suggest natural mitigations for two of our malicious tracker techniques but note that the third would require substantially altering the Find My protocol to defend against.
Cite
CITATION STYLE
Mayberry, T., Fenske, E., Brown, D., Martin, J., Fossaceca, C., Rye, E. C., … Foppe, L. (2021). Who Tracks the Trackers?: Circumventing Apple’s Anti-Tracking Alerts in the Find My Network. In WPES 2021 - Proceedings of the 20th Workshop on Privacy in the Electronic Society, co-located with CCS 2021 (pp. 181–186). Association for Computing Machinery, Inc. https://doi.org/10.1145/3463676.3485616
Register to see more suggestions
Mendeley helps you to discover research relevant for your work.
