Cybersecurity researchers have discovered vulnerabilities in Apple’s location tracking system. They made it possible to track the movements of users.
The vulnerabilities reportedly allowed unauthorized access to user location history over the past seven days.
They were in the Find My function. It makes it easy to find Apple devices. The technology transmits Bluetooth Low Energy (BLE) signals to devices that are close enough. As a result, the location of the device turns out to be on Apple servers. Essentially, every device on the network becomes a broadcast beacon.
Although Apple cannot decrypt the user’s location data, it is possible to correlate different people’s geolocation. “Law enforcement agencies can use this problem to de-anonymize participants in (political) demonstrations, even when participants put their phones in flight mode. Malicious applications for macOS can extract and decrypt the last seven days’ location reports for all users and all their devices since the cached rolling ad keys are stored in the file system in clear text, ”the experts said.
That is, the vulnerability allowed attackers to obtain decryption keys. The problem has already been fixed.