- The paper demonstrates that relay attacks can inject manipulated location reports into Apple’s Find My system, misleading both owners and backend services.
- The methodology involves capturing BLE advertisements and using custom hardware to relay signals, proving the feasibility of the attack with commodity devices.
- The study highlights significant security implications, exposing a trade-off between privacy and authenticity, and suggests potential anti-stalking countermeasures.
Introduction
This paper rigorously investigates the security and privacy implications inherent in Apple's AirTag item-finding ecosystem, with a focus on exploiting gaps in the privacy-agnostic design of the Find My protocol. The main contribution is the demonstration and in-depth characterization of a practical relay attack that enables adversaries to inject manipulated location reports and thus mislead AirTag owners and Apple’s backend about the true location of a tag. The findings challenge assumptions regarding the integrity of crowdsourced geolocation reporting when end-to-end privacy is prioritized at the protocol level without robust location authenticity guarantees.
Attack Model, Methodology, and Implementation
The attack is predicated on the fact that Apple's Find My protocol encrypts location reports from participating iDevices before submission, protecting ownership privacy but preventing the server from authenticating the truthfulness of uploaded locations. The authors empirically validate that this design enables a relay attack:
- The adversary captures BLE advertisements emitted by a target AirTag.
- These beacons are then rebroadcast—either locally or at a remote site—using custom hardware and open-source BLE tooling capable of arbitrary MAC address injection (notably Linux and ESP32 platforms).
This relaying causes proximate iDevices at the rebroadcast site to detect the AirTag and generate location reports referencing a false position, effectively spoofing the AirTag’s location in the Find My system.
Figure 1: Relaying an AirTag's BLE advertisments over the Internet injects false location reports into the Find My system.
The experimental campaign is conducted under controlled conditions, with careful isolation of the AirTag signals, systematic collection and timestamping of BLE advertisements, and validation of relay-induced geolocation falsification via controlled replays using a relay server.
Empirical Characterization of Protocol Behavior
The study details nuanced protocol behavior in response to relayed beacons, including:
These findings are validated across multiple platforms and device configurations, reflecting the robustness and practical feasibility of the proposed attack vector.
Implications and Impact
The results expose a significant security-privacy trade-off in the Find My protocol implementation. While privacy guarantees are strong—ensuring neither Apple nor relay device owners can connect reports to tag owners—the lack of authenticity/auditability for submitted locations directly enables targeted DoS and location spoofing. This vulnerability is critical when AirTags are used for high-value asset tracking or safety applications, as adversaries can effectively render the owner unable to recover an item or trust Find My’s reports.
On the practical front, these attacks are well within reach for moderately resourced adversaries using commodity platforms and open-source tools. The work also identifies the potential for protocol manipulation not only as an attack, but potentially as an anti-stalking countermeasure, should relay functionality be deliberately deployed to obfuscate surreptitious tracker placement.
From a theoretical standpoint, this research highlights the difficulty of guaranteeing both end-user privacy and report integrity in crowdsourced networking protocols for physical-world tracking—a consideration increasingly pertinent as similar BLE-based systems proliferate.
Future Directions
The authors propose investigating which algorithms the Find My app uses to reconcile inconsistent or maliciously injected location reports (e.g., averaging, voting), as well as extending their evaluation to competing tracker ecosystems (e.g., Chipolo, Samsung SmartTag, Tile) to determine if similar privacy-integrity conflicts exist. Furthermore, the dual-use potential of relaying as an anti-stalking measure represents an unexplored defensive avenue that may warrant careful protocol redesign to strike an optimal privacy/security balance.
Conclusion
This work conclusively demonstrates that Apple’s AirTag and Find My protocol are susceptible to practical relay attacks facilitated by structural privacy features. By leveraging the lack of server-side validation and the protocol’s acceptance of unverified reports, adversaries can inject manipulated locations, denying legitimate tag recovery or executing targeted misinformation attacks. These findings call for careful reevaluation of protocol design choices to adequately address the tension between privacy and authenticity, informing both future item-tracking hardware and broader BLE crowdsourcing architectures.