piggybacked on — and even extended — with self-
built AirTag clones.
How Does Find My Work?
When AirTags are not in proximity of their paired
device, they constantly emit Bluetooth Low Energy
beacon messages. Nearby Apple devices that
receive those beacon signals recognize them as
Find My broadcasts and upload their own location
to Apple. The location reports are associated with
the received broadcast and encrypted in a way
that allows only the AirTag owner to decrypt the
location; not even Apple can read it.
In more detail, the AirTag pairing and finding
process works like this:
1. When pairing an AirTag with an Apple device, a
key pair and a shared secret are generated. The
shared secret and the public key are stored on
the AirTag, but only the Apple device knows the
corresponding private key.
2. Every 2 seconds, the AirTag sends a Bluetooth
Low Energy broadcast with a public key as
content, which changes periodically and is
generated using the previously shared secret.
3. Nearby Apple devices recognize the Find My
broadcast, retrieve their current location,
encrypt the location with the broadcast
public key, and then upload the encrypted
location report.
Fabian Bräunlein, OpenHaystack
4. When searching for the AirTag, the paired
Apple device generates a list of the rolling
public keys that the AirTag has used in
recent days and queries an Apple service for
their hashes. The Apple backend returns the
encrypted location reports for the requested
public key hashes.
5. The Owner Device decrypts the location reports
and shows an approximate location.
Luckily for hackers and makers, this design
does not allow differentiating the broadcasts of
legitimate Apple devices (or licensed third parties)
from those of homemade clones. Furthermore,
the Apple location retrieval backend does not (and
cannot) check whether the user actually owns the
AirTag they are requesting location reports for. It’s
a free ride, ripe for DIY experimentation.
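The five steps above as a small runnable model, added here for illustration and not code from the article or from OpenHaystack. It swaps the real elliptic-curve encryption for a toy modular-arithmetic group and an XOR pad; the key-derivation labels, function names and sample coordinates are assumptions.

```python
import hashlib
import hmac
import secrets

P, G = 2**255 - 19, 2  # toy multiplicative group (assumption), not the real curve

def kdf(secret, label):
    return hmac.new(secret, label, hashlib.sha256).digest()

def schedule(secret, periods):
    """Roll the shared secret once per period and yield that period's (u, v)."""
    for _ in range(periods):
        secret = kdf(secret, b"update")
        yield tuple(int.from_bytes(kdf(secret, lbl), "big") % (P - 1) for lbl in (b"u", b"v"))

def key_id(pub):
    """Hash under which the backend files reports for one rolling public key."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

def tag_keys(pub0, secret, periods):
    """Step 2: the tag rolls keys from the public key and shared secret alone."""
    return [pow(pub0, u, P) * pow(G, v, P) % P for u, v in schedule(secret, periods)]

def owner_keys(priv0, secret, periods):
    """Step 4: the owner derives the matching private key for each period."""
    return [(priv0 * u + v) % (P - 1) for u, v in schedule(secret, periods)]

def pad(shared, data):
    """Toy cipher: XOR with a hash of the shared value (data up to 32 bytes)."""
    key = hashlib.sha256(shared.to_bytes(32, "big")).digest()
    return bytes(a ^ b for a, b in zip(data, key))

def finder_report(pub, location):
    """Step 3: a finder encrypts to the broadcast key with a one-time secret."""
    e = secrets.randbelow(P - 2) + 1
    return pow(G, e, P), pad(pow(pub, e, P), location)

def demo():
    priv0, secret = secrets.randbelow(P - 2) + 1, secrets.token_bytes(32)  # step 1
    broadcasts = tag_keys(pow(G, priv0, P), secret, 3)
    # Backend stores opaque blobs by key hash; constructed sample coordinates.
    backend = {key_id(broadcasts[1]): finder_report(broadcasts[1], b"52.5200,13.4050")}
    found = []
    for d in owner_keys(priv0, secret, 3):       # steps 4-5: query by hash, decrypt
        hit = backend.get(key_id(pow(G, d, P)))  # backend sees only a hash, no owner
        if hit:
            found.append(pad(pow(hit[0], d, P), hit[1]))
    return found
```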