Find My Network Exploit Turns Any Bluetooth Device Into a Tracker

by

George Mason University researchers claim to have uncovered a serious vulnerability in Apple's Find My network that allows hackers to track virtually any Bluetooth-enabled device without the owner's knowledge.

find my friends precision finding
Called "nRootTag," the exploit tricks the Find My network into treating ordinary Bluetooth devices as if they were AirTags, allowing hackers to turn laptops, smartphones, game controllers, VR headsets, and even e-bikes into unwitting tracking beacons.

Find My works by having AirTags and other Find My-compatible items send Bluetooth signals to nearby Apple devices, which then anonymously relay location data to Apple's servers. The researchers discovered they could manipulate cryptographic keys to make the network believe any Bluetooth device was a legitimate AirTag.

The research team found that the attack has a 90% success rate and can pinpoint a device's location within minutes. "While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location," said one of the researchers.

What makes the exploit even more concerning is that it doesn't require physical access or administrator privileges on the target device – it can actually be executed remotely. In their experiments, the team successfully tracked a stationary computer with 10-foot accuracy and even reconstructed the exact flight path of a gaming console brought onboard an airplane.

The attack does require fairly hefty computing resources – the research team used hundreds of graphics processing units to quickly find matching cryptographic keys. However, they note that this could be achieved relatively inexpensively by renting GPUs, which has become a common practice in the crypto-mining community.

The team said they notified Apple about the vulnerability in July 2024, and Apple says that it protected against the vulnerability in December software updates.

Even after Apple implements a fix, the researchers warn the vulnerability could persist for years as many users delay updating their devices. "The vulnerable Find My network will continue to exist until those devices slowly 'die out,' and this process will take years," said one researcher.

The research will be formally presented at the USENIX Security Symposium in August. The team recommends users be cautious about apps requesting Bluetooth permissions, keep their devices updated, and consider privacy-focused operating systems for better protection.

Update: This article has been updated to clarify that Apple bolstered the Find My network in December 2024 to protect against this type of attack.

Tag: Find My Guide

Popular Stories

iPhone 17 Pro Dark Blue and Orange

iPhone 17 Release Date, Pre-Orders, and What to Expect

Thursday August 28, 2025 4:08 am PDT by
An iPhone 17 announcement is a dead cert for September 2025 – Apple has already sent out invites for an "Awe dropping" event on Tuesday, September 9 at the Apple Park campus in Cupertino, California. The timing follows Apple's trend of introducing new iPhone models annually in the fall. At the event, Apple is expected to unveil its new-generation iPhone 17, an all-new ultra-thin iPhone 17...
Read Full Article56 comments
xiaomi apple ad india

Apple and Samsung Push Back Against Xiaomi's Bold India Ads

Friday August 29, 2025 4:54 am PDT by
Apple and Samsung have reportedly issued cease-and-desist notices to Xiaomi in India for an ad campaign that directly compares the rivals' devices to Xiaomi's products. The two companies have threatened the Chinese vendor with legal action, calling the ads "disparaging." Ads have appeared in local print media and on social media that take pot shots at the competitors' premium offerings. One...
Read Full Article199 comments
crossbody strap

iPhone 17's 'Crossbody Strap' Accessory to Feature Magnetic Design

Thursday August 28, 2025 7:49 am PDT by
Apple's cases for the iPhone 17 lineup will be accompanied by a new Crossbody Strap accessory with a unique magnetic design, according to the leaker known as "Majin Bu." Apple's Crossbody Strap reportedly features an unusual magnetic design; it likely has a "flexible metal core" that makes it magnetic along its entire length. At the ends, "rings polarized oppositely to the strap close the...
Read Full Article109 comments
Awe Dropping Apple Event Feature

Five Things to Expect From Apple's 'Awe Dropping' September 9 Event

Tuesday August 26, 2025 4:17 pm PDT by
Apple today announced its "Awe Dropping" iPhone-centric event, which is set to take place on Tuesday, September 9 at 10:00 a.m. Pacific Time. There are a long list of products that are coming, but we thought we'd pull out five feature highlights to look forward to. That Super Thin iPhone - Apple's September 9 event will see the unveiling of the first redesigned iPhone we've had in years, ...
Read Full Article114 comments

Top Rated Comments

JuicyGoomba Avatar
JuicyGoomba
26 weeks ago
But but but Timmy told me that the real threat was letting people install those pesky 3rd party app stores!

angrybabyfistshake.gif
Score: 20 Votes (Like | Disagree)
NMBob Avatar
NMBob
26 weeks ago
Finally! Something that just works!
Score: 17 Votes (Like | Disagree)
0049190 Avatar
0049190
26 weeks ago
I’m ok. Whenever I login to my Apple account it sends me a verification message saying I am 200 miles away from where I actually am.
Score: 8 Votes (Like | Disagree)
klasma Avatar
klasma
26 weeks ago
Website: https://nroottag.github.io/

How it works (from the link above):
[LIST=1]
* Through pairing, an AirTag shares the public / private key information with the owner’s device.
* When the AirTag is separated from the paired device, it advertises its public key via BLE advertisements, known as lost messages.
* Nearby Apple devices, referred to as finders, generate encrypted location reports and send them, along with the hashed public key, to the Apple Cloud.
* The Apple Cloud allows anyone to use a hashed public key to retrieve the associated location reports, which can only be decrypted using the correct private key. To ensure anonymity, finders do not authenticate whether a lost message is sent from an Apple device.

IIUC, any program that can send BLE advertisements can make the device it’s running on trackable via Apple’s Find My network.
Score: 8 Votes (Like | Disagree)
ikramerica Avatar
ikramerica
26 weeks ago
The author does a poor job if explaining how the hack works.

How did they locate the desktop computer remotely without hacking it and:

A. and finding out it exists
B. Knowing it’s Bluetooth information
C. Broadcasting the BT to Find My as an Airtag

Also, if the Find My network sees it as an Airtag, aren’t nearby iPhone users going to get an alert that an AirTag has been near them that doesn’t belong to you?
Score: 7 Votes (Like | Disagree)
I7guy Avatar
I7guy
26 weeks ago
Interesting vulnerability. How easy or hard to deploy? What is the actual threat level? And I presume one can’t be tracked if Bluetooth is off.
Score: 5 Votes (Like | Disagree)
Read All Comments