We previously heard that the new Apple AirTag had been hacked and now it looks like a security researcher may be able to exploit Apple’s Find My network.
According to Security researcher Fabian Bräunlein he has been able to use Apple’s Find My network to send messages.
With the recent release of Apple’s AirTags, I was curious whether Find My’s Offline Finding network could be (ab)used to upload arbitrary data to the Internet, from devices that are not connected to WiFi or mobile internet. The data would be broadcasted via Bluetooth Low Energy and picked up by nearby Apple devices, that, once they are connected to the Internet, forward the data to Apple servers where it could later be retrieved from. Such a technique could be employed by small sensors in uncontrolled environments to avoid the cost and power-consumption of mobile internet. It could also be interesting for exfiltrating data from Faraday-shielded sites that are occasionally visited by iPhone users.
You can find out more details over at Fabian Bräunlein’s website at the link below, it is not clears as yet on whether this