Security researchers at George Mason University have uncovered a serious vulnerability in Apple's Find My network that could allow malicious actors to secretly track any Bluetooth device without the owner's knowledge.
The researchers discovered a way to manipulate Apple's Find My system to essentially convert any Bluetooth-enabled device into an unauthorized tracking beacon, similar to an AirTag. This exploit bypasses Apple's built-in anti-stalking protections that are designed to prevent unwanted tracking.
The security flaw raises major privacy concerns, as it could potentially enable stalkers and other bad actors to monitor people's locations by targeting their phones, laptops, and other Bluetooth devices without detection. The vulnerability affects Apple's entire Find My network infrastructure, which millions of users rely on to locate their lost or stolen devices.
While Apple's Find My feature was created to help users track their own Apple devices and accessories, this newly discovered exploit demonstrates how the system could be weaponized for malicious purposes. The researchers were able to silently track Bluetooth devices through Apple's network without triggering any of the usual safety notifications that warn users they're being followed.
The discovery comes at a time of increased scrutiny around location tracking technologies and their potential for misuse. Apple has not yet commented on the security researchers' findings or announced plans for patching the vulnerability.
Security experts recommend users remain vigilant about unexpected Bluetooth connections and regularly check their devices for signs of unauthorized tracking while awaiting an official fix from Apple.