Apple’s Find My Network Could Be Exploited to Send Text Messages to Nearby Devices, Security Researcher Finds

Apple’s Discover My community might be exploited to broadcast arbitrary messages to close by Apple gadgets, a safety researcher has discovered. The community is formally meant to assist folks discover their misplaced objects. It’s claimed to have “trade main safety” in addition to end-to-end encryption. Nevertheless, analysis exhibits that the Discover My community can allow a strategy to ship any textual content messages — and never location particulars — to close by gadgets together with iPhone, iPad, and Mac.

Safety researcher Fabian Bräunlein has discovered a loophole that enables exploitation of the Discover My community protocol to ship regular textual content messages to close by gadgets. The researcher was in a position to transmit textual content messages by replicating the way in which an AirTag communicates over the crowdsourced community and sends its GPS coordinates as an encrypted message.

Bräunlein took reference from a latest examine carried out by Germany’s Technical College (TU) of Darmstadt that was aimed to assist builders construct equipment for the Discover My community. After understanding the protocol powering the community, the researcher developed a customized system with a microcontroller operating a proprietary firmware to transmit the message. He additionally constructed a customized Mac app to decode and show the message from the system.

The proof-of-concept created by Bräunlein basically replaces the placement information that the Discover My community usually broadcasts with textual content strings.

It’s unclear at this second whether or not the mannequin developed by the researcher might be used to flow into malicious content material over the Discover My community. Nevertheless, the intensive analysis carried out by Bräunlein exhibits that the protocol utilized by Apple might be moulded to broadcast not location information however content material resembling textual content messages.

Earlier this week, a German safety researcher reported that the Apple AirTag might be hacked to switch the default Discover My hyperlink with a customized hyperlink for NFC readers. This manipulation was comparable in nature to what has now been discovered on the Discover My community.


We dive into all issues Apple — iPad Professional, iMac, Apple TV 4K, and AirTag — this week on Orbital, the Devices 360 podcast. Orbital is obtainable on Apple Podcasts, Google Podcasts, Spotify, and wherever you get your podcasts.

For the most recent tech information and critiques, observe Devices 360 on Twitter, Fb, and Google Information. For the most recent movies on devices and tech, subscribe to our YouTube channel.


Jagmeet Singh writes about client expertise for Devices 360, out of New Delhi. Jagmeet is a senior reporter for Devices 360, and has ceaselessly written about apps, laptop safety, Web companies, and telecom developments. Jagmeet is obtainable on Twitter at @JagmeetS13 or E-mail at jagmeets@ndtv.com. Please ship in your leads and suggestions.
Extra

Samsung Galaxy F02s, Galaxy M02s Obtain Android 11-Based mostly One UI 3.1 Core Replace in India: Reviews

Associated Tales