How Apple's "Find My" Feature Works
Matthew Green intelligently speculates about how Apple’s new “Find My” feature works.
If you haven’t already been inspired by the description above, let me phrase the question you ought to be asking: how is this system going to avoid being a massive privacy nightmare?
Let me count the concerns:
- If your device is constantly emitting a BLE signal that uniquely identifies it, the whole world is going to have (yet another) way to track you. Marketers already use WiFi and Bluetooth MAC addresses to do this: Find My could create yet another tracking channel.
- It also exposes the phones who are doing the tracking. These people are now going to be sending their current location to Apple (which they may or may not already be doing). Now they’ll also be potentially sharing this information with strangers who “lose” their devices. That could go badly.
- Scammers might also run active attacks in which they fake the location of your device. While this seems unlikely, people will always surprise you.
The good news is that Apple claims that their system actually does provide strong privacy, and that it accomplishes this using clever cryptography. But as is typical, they’ve declined to give out the details how they’re going to do it. Andy Greenberg talked me through an incomplete technical description that Apple provided to Wired, so that provides many hints. Unfortunately, what Apple provided still leaves huge gaps. It’s into those gaps that I’m going to fill in my best guess for what Apple is actually doing.
Nobody • June 20, 2019 3:35 PM
Unless bluetooth can be disabled and this feature be turned off, we can safely assume apple will have all private keys and will track us all the time without anyone being able to disable it.
Bluetooth being on will drain battery.
The feature itself is designed to always send data, hiding itself within normal traffic. Does not inspire confidence.
Apple has control over your device and any pretense they will honor any private keys on your device is laughable.
I find it hard to believe Matthew Green doesn’t consider such basic issues.
If bluetooth can be disabled then this feature will turn useless. If it turns itself on during standby it will enable tracking. Only disabled bluetooth can’t be tracked or triangulated.
Using this feature will equate to accepting tracking. Enabled bluetooth, wifi, nfc, always means you can be tracked, the equation and logistics to make use of it just becomes harder to solve.
Encryption gets broken and badly implemented all the time, it cannot solve this problem because the end user will remain unable to verify everything required for this to work properly. One exploit and you’ve lost your keys.