back to article Apple's Find My network can be abused to leak secrets to the outside world via passing devices

Apple's Find My network, used to locate iOS and macOS devices – and more recently AirTags and other kit – also turns out to be a potential espionage tool. In short, it's possible to use passing Apple devices to sneak out portions of information from one place to another, such as a computer on the other side of the world, over …

  1. Mishak

    "Faraday-shielded sites that are occasionally visited by iPhone users"

    I would hope that such a site would have a strictly-enforced "no devices" policy in place!

    1. JWLong Bronze badge

      Re: "Faraday-shielded sites that are occasionally visited by iPhone users"

      Yeah, that would be right after anyone develops an OS certified as secure.

    2. vtcodger Silver badge

      Re: "Faraday-shielded sites that are occasionally visited by iPhone users"

      I seem to recall that attempts to get American politicians like Donald Trump and Hillary Clinton to practice some sort of secure handling of cell phones within classified environments were reported to be less than a total success. I suspect that will be true of their peers worldwide.

      1. Geoff Campbell

        Re: "Faraday-shielded sites that are occasionally visited by iPhone users"

        I can't speak for our colonial cousins, but on MoD sites in the UK it's very common to have armed guards requesting that one put any mobile devices, memory sticks, or digital media of any sort into a locker before entering certain areas.

        Which can make administration work on servers a bit of a chore.

        GJC

        1. DS999 Silver badge

          Re: "Faraday-shielded sites that are occasionally visited by iPhone users"

          Sure, they do it for you but what about Boris Johnson and other high level government people? Are those armed guards at MoD sites requiring the same of the brigadier general in charge? It would only take one guy getting in without having to give up his iPhone (or Apple Watch?) for this attack to work.

          Granted, you better have some pretty tiny data you're looking to steal. i.e. it could work if you somehow had stolen a very important private key and were able to use this to push it onto someone's phone to carry to the outside world. The detailed plans for a new aircraft carrier, not so much.

          1. Trigonoceps occipitalis Silver badge

            Re: "Faraday-shielded sites that are occasionally visited by iPhone users"

            " ... MoD sites requiring the same of the brigadier general in charge?"

            The British Army has not used the rank of Brigadier General since the First World War.

            1. DS999 Silver badge

              Re: "Faraday-shielded sites that are occasionally visited by iPhone users"

              But ... but ... what about the one on Doctor Who? Surely show about a time traveling alien strives for accuracy in its representation of a secret military organization in the UK?

              Anyway, substitute whatever some high rank the UK currently uses in...you get my point.

          2. Geoff Campbell

            Re: "Faraday-shielded sites that are occasionally visited by iPhone users"

            My experience was that rank did not matter, everyone was expected to comply. I do not profess to have carried out an exhaustive study, however.

            GJC

    3. Velv
      Boffin

      Re: "Faraday-shielded sites that are occasionally visited by iPhone users"

      Yup, every one I've visited had a deposit scheme to check in your device in either a locker or on shelves behind security and you were given a token to retrieve it.

  2. Hubert Cumberdale Silver badge

    I saw the stock image on this article and assumed it would be something about Israel's Iron Dome missile system...

  3. chivo243 Silver badge

    Nothing new here

    I know students were using the iTunes library name to share info... You can(could?) name your shared library anything you want and share it over the LAN.

    1. David Nash

      Re: Nothing new here

      I think the point here is that this works "from devices without an internet connection".

  4. Red Ted Silver badge
    Coat

    “Because Apple designed Find My with privacy in mind”

    Possibly a first for an IoT system provider?

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021