:no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/22345345/FindMyOverview.png)
Apple has promised to open its Find My app to third-party accessory manufacturers. But beyond this, there is a new tool that will allow anyone to create their own Bluetooth tracking tags to use with Find My Network so that they can track its location. Openhaystack Is a new open source tool developed by security researchers Secure Mobile Networking Lab, Which essentially invertively reverse-registers Apple devices into the Find My Mesh network.
This is, in essence, a way to create your own DIY AirTags today.
OpenHaystack works through a custom Mac app that can be used to track the location of custom tags you create. At the moment, the device has direct support for creating tracking tags using a BBC Micro: Bit Mini computer, although other Bluetooth Low Energy (BLE) device support may be added by other developers in the future. Once registered on Apple’s Find My Network, the OpenHackstack app will be able to report the tag’s location for iPhones and other Apple devices, just like Apple’s Find My app.
The whole system is a little hack – in the sense that it is complex, not in the sense that it is actually hacking anything. It uses a plugin for Apple Mail (which authenticates you as an actual Apple user) to get the necessary access to Apple’s Find My Network to create and search for keys – so for Mail to work OpenHaystack requires running.
There aren’t serious security implications for Find My Network, either (although the team is) Submitted another bug report to apple) Belongs to. This does not mean that you should just go ahead and start using OpenHaystack. An important disclaimer on the project is:
OpenHaystack is experimental software. Code is unused and incomplete. For example, using our OpenHaystack tag Firmware Broadcast a fixed public key and are, therefore, trackable by other devices in proximity (this may change in future releases). OpenHaystack Apple Inc. Not affiliated with or supported by.
A high-level understanding of the security model for Find My works also helps to understand why OpenHackstack is possible.
Find my work using a combination of public and private keys. Any Apple user can access the public key for devices in Find My Network, but you actually need a private key to access location information. It also does not mean that Apple can access your location information without your private key. The network is possible because Apple devices track the public key publicly, but only users can get location data from the private key.
What OpenHaystack does is create one of those public / private key pairs for its own Bluetooth tag and use Apple Mail to register it in my network to find it. For Apple, it looks like just another iPhone. The Mac app then accesses the public key database, associating it with the private key you created, and bam: secure location data.
From the way it is designed, it seems that it may be easier for Apple to simply cut OpenHaystack and also cut a bunch of older Apple devices. However, it is also certainly true that Apple as a company will not like the whole thing and may try to find a way to block it. A developer can use the system to create a way to connect Android devices to Find My Network.
The team behind OpenHaystack wrote Paper describes its methods And exposing a certain security flaw. Also released Source code for its firmware, Which other developers can use to optimize OpenHaystack for other BLE devices.
Apple Official Support for third-party accessories is still coming. Belkin has already announced a set of earbuds that will support Find My. Given how complex OpenHaystack’s setup is, it likely won’t result in mass adoption. This is similar to some methods of AirMessage and Beeper, two devices that redirect iMessages to Android devices using Mac utilities. Apple’s ecosystem has somehow been shut down, but the Mac finds a way.
Leave a Reply