Apple’s New ‘Find My’ Can Find Your Devices Even When They’re Offline
Rumor has it that Apple has merged its Find My Friends and Find My iPhone applications into a new application called ‘Find My’. Apple explained to Wire how the application works and how it is monitored by implementing efficient cryptography, even if they are offline. The new Find My app uses Bluetooth signals from nearby Apple devices to keep track of your device without a mobile connection.
When Craig Federighi described the application and how it works in WWDC 2019, he stated that the application uses an “end-to-end encrypted and anonymous” mechanism that ensures that only you can track your device and even Apple cannot identify your location.
It’s noteworthy that iOS 13 ‘Find My’ offline mode requires two Apple devices. The second device has the key that decrypts the key to track the location of your lost device.
How does Offline tracking work?
Apple also explained how the application implements a complex cryptographic process that will receive a steady Bluetooth signal from both devices. These signals contain a constantly evolving key that is recognized by nearby Apple devices to encrypt and load their geolocation on Apple servers.
Nevertheless, the location data can only be decrypted by its second device because it only has keys to decrypt.
Since the public key is usually “dynamic and moving round”, it is almost impossible for someone to intercept Bluetooth signals and track their location.
For example, if your iPhone is stolen and put in airplane mode. The iOS device will keep on sending a public key via Bluetooth till some nearby iOS or MacOS device detects this signal, it will then encrypt its location data with the public key that is emitted in Bluetooth signals. The public key cannot be used to track the owner of the device, since it does not contain any personal identifiers.
The nearby iPhone or MacOS device downloads the encrypted location and hash of the lost public key from the iPhone. Since only your second device has the private key to decrypt the location, no one can access it, not even Apple.
However, the second device’s public key does not match the public key on your iPhone because it is always running. Apple has not explained how this works, but it is possible that all previous public keys will be released and Apple can then apply an algorithm to extract the previous location of the lost device.
This is a complex mechanism. However, if Apple does, it may be an excellent way to track the location of offline devices and ensure that users’ privacy is not compromised.
Kevin Jones951 Posts
Kevin Jones, Ph.D., is a research associate and a Cyber Security Author with experience in Penetration Testing, Vulnerability Assessments, Monitoring solutions, Surveillance and Offensive technologies etc. Currently, he is a freelance writer on latest security news and other happenings. He has authored numerous articles and exploits which can be found on popular sites like hackercombat.com and others.