Quote:Two vulnerabilities in a crowdsourced location-tracking system that helps users find Apple devices even when they’re offline could expose the identity of users, research claim.
Offline Finding, a proprietary app introduced by Apple in 2019 for its iOS, macOS and watchOS platforms, enables the location of Apple devices even if they aren’t connected to the internet. While this capability in and of itself is not unique to the company, Apple promised that the technology could conduct its task in a way that preserves user privacy.
While for the most part the technology lives up to its privacy goals, it does have flaws that “can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could de anonymize users,” a research team from the Technical University of Darmstadt, Germany, wrote in a paper published online (PDF).
Researchers Alexander Heinrich, Milan Stute, Tim Kornhuber and Matthias Hollick set out to discover if Apple’s claims that OF ensures finder anonymity, does not track owner devices, and keeps location reports confidential actually hold up under scrutiny. They have notified Apple of their findings, and the company has responded with a fix for the more serious flaw.
Of depends on a network of hundreds of millions of devices, which makes it the largest crowd-sourced location tracking system in existence. Moreover, it’s poised to grow even larger when OF rolls out future support for non-Apple devices, researchers observed.
The system works by using its network of so-called “finder” devices to locate “lost,” unconnected devices using Bluetooth Low Energy (BLE). The finder devices that are connected to the internet can then relay location info back to the owner of the lost device.
Read more: https://threatpost.com/apples-location-s...es/164615/
![[-]](https://www.geeks.fyi/images/collapse.png)
