[HN Gopher] OpenHaystack: Tracking Personal 'AirTags' via Apple'...
       ___________________________________________________________________
        
       OpenHaystack: Tracking Personal 'AirTags' via Apple's Find My
       Network
        
       Author : mstute
       Score  : 69 points
       Date   : 2021-03-04 14:01 UTC (9 hours ago)
        
 (HTM) web link (github.com)
        
       | filleokus wrote:
       | Awesome work! I can recommend people interested in the iOS/Apple
       | ecosystem to check out the Secure Mobile Networking Lab of TU
       | Darmstadt in general. They do a lot of cool stuff in the space, a
       | good starting point might be https://owlink.org.
       | 
       | As a side note: I wonder what the story is on the whole AirTag
       | hardware project. It's becoming so "delayed" that reverse
       | engineered implementations are here before.
        
         | djrogers wrote:
         | This isn't a reverse engineering of AirTags - this find me
         | service has been available for Apple devices via the same
         | Bluetooth mechanism (iPhones and MacBooks) for a couple of
         | years now.
        
           | mstute wrote:
           | It has been available since iOS 13/macOS 10.15
        
       | nathanielostrer wrote:
       | Could you make this work with a tile?
        
       | tinus_hn wrote:
       | How does Apple prevent me from using this to track random people
       | based for instance on their Bluetooth headphones?
        
         | CubsFan1060 wrote:
         | https://www.macrumors.com/2021/03/04/ios-14-5-item-safety-fe...
         | 
         | Is that what you're asking?
        
         | ArchOversight wrote:
         | If you are within BLE range you can "track" someone, but that
         | is already the case with wifi/bluetooth in general.
         | 
         | Even knowing the public key, you can download the encrypted
         | reports from Apple, but since you don't have the private key
         | you can't decrypt the location messages.
        
           | AlotOfReading wrote:
           | That's why devices that aren't intended to be beacons are
           | supposed to enable address randomization. It still has some
           | security issues and undirected advertising of unique public
           | keys obviously defeats the point, but it's more difficult to
           | track than classic devices were.
        
         | bberenberg wrote:
         | You would have to flash their headphones with custom firmware
         | to do this. Take a look at
         | https://github.com/seemoo-lab/openhaystack#how-does-apples-f...
        
           | tinus_hn wrote:
           | All right, so it isn't normal Bluetooth devices but requires
           | a special feature in the device.
        
       | mensetmanusman wrote:
       | Start enabling IPv6 on your routers; these IoT devices are going
       | to break IPv4.
        
         | jon-wood wrote:
         | These devices don't have a network connection, tracking is done
         | via BLE which just broadcasts a beacon regularly and is then
         | picked up by nearby Apple devices which do have a connection.
        
         | Solocomplex wrote:
         | It breaks a lot of cheap IoT devices without 6to4 translation.
        
       ___________________________________________________________________
       (page generated 2021-03-04 23:01 UTC)