1. At setup, Find My generates a private key shared to all your Apple devices.
2. The private key generates a perpetual sequence of public keys. These change (iterate to the next) "frequently".
3. The rotating public key is shared across all (including other people's) Apple devices via Bluetooth and can even do this when it's off.
4. The shared scheme pings to Apple's central system and uploads A. hashes of the public keys in the area and B. the location.
5. When you try to find a device you send your hashed public key to Apple's server and they return the last picked up location (encrypted). (You thus need at least 2 Apple devices, one to find the other. Also, they don't say how the previously iterated public keys are remembered.)
This seems very very impressive. But I have so many questions still. The most important one being, there has to be a way to reset these tracking keys for cases like
- Resell
- Loss of a companion device that was never found and it took the private keys with it
- Got a new companion device
How do I reset the keys and how do I make sure a thief can't reset these?
It feels like that can be exploited in some ways. As a first thought it reduces the privacy of the reporting 3rd party phone. I.e. I can leave a fully charged phone in my wife’s car and track her for weeks while she will have the burden to recharge her phone for network/gps power.
A regular gps tracker would need much more energy.
Edit: another scenario, leave it in an isolated hut. If I get a signal, someone is close to the hut.
Edit 2: if I piggy back the protocol and can manipulate the key schedule (choose key A or B) then I can leak one bit of information through the third party phone. The third party phone may be allowed to communicate while my sender isn’t.
> Another scenario, leave it in an isolated hut. If I get a signal, someone is close to the hut.
You could do that already with a device, just by making an app that listens for Bluetooth or WiFi traffic. You’d also be able to grab MAC addresses of the nearby phones. Your ‘exploit’ isn’t revealing any more than you can already discover today.
If there’s internet connectivity, and you’re sophisticated enough to be planning Find My iPhone based booby traps, firing off a text message from a contained detector shouldn’t be a challenge
Anecdotally: a friend of mine left his iPad in his wife’s car. When looking for it through Find My iPhone, he realized that she’s at her ex-boyfriend’s place. He is married happily to another wife now...
You can already do this with a Tile. Leave a Tile in your wife's car and every phone with the Tile app in her vicinity will report her location to you.
So effectively none. I've never even heard of Tile before this. Leveraging the whole Apple ecosystem for this sounds a lot more promising and will probably kill any competitor that depends on installing an app, even if that supports multiple platforms.
This mechanism is very low power, and it allows making tiny devices that can be used for tracking suspects. Maybe this is actually why they made it (someone asked if they could make it).
Edit: Maybe Apple will introduce tiny key fobs that can be tracked so you can find your keys or other things.
I was wondering why they changed the name, I mean "Find My iPhone" could already find macbooks and ipads but now it sounds like they're going much broader than Apple devices.
That only works if the devices report WHO saw the missing device. If they both report up that the device is in the area but don’t say who is making the report then you can’t figure that out.
Apple sees the reporting device’s ip-address. Obviously Apple is in an excellent position to spy on you anyway, but the claim that even Apple doesn’t know where the turned off device is doesn’t hold for the reporting devices: Apple can infer which reporting devices are in proximity.
And they possibly even know who the reporting IP is because of iCloud.
But reporting device A and B were in Bluetooth distance to lost device C. Therefore A and B were close together (like a few meters). It’s a huge improvement over A and B were in the same mobile cell.
You can then use the IPs to identify who are A and B.
If you have a subpoena to sniff data to Apple from device X then you can use that to some extent track the location of X by spreading your Tags T_1,...,T_n in interesting places. If X reports T_i you know the location of X, this could be more precise than the usual cell phone tracking because X reports its position with GPS precision.
How long can one plausibly leave a phone in someone's car, asking for location updates the entire time, while claiming not to remember leaving it there?
"I lost it under the seat"?
And the point is it's not actively asking for location updates, which would drain battery. You just leave it with cellular off and it sends the standard Find My pulse over Bluetooth.
I am reminded of a section in Neal Stephenson's The Diamond Age where (some guy) takes a whole day to track the history of the young protagonist in an internet cafe - and an explanation of passing packets between passing devices as if handing parcels to random strangers as they walk down the street always stuck in my mind
This seems to be saying that Apple has a big mesh network play ready sometime soon.
Want to bet they have a good idea of coverage already and need some testing - they might not be able to see your location but they will see the location of every phone passing your public key encrypted bits back - they get to test their mesh network ? Or am I missing something?
There is one consumer push for a mesh-networking phone that was in the news recently, Volk Fi. Their idea is to use 900MHz radios in smartphones to hop several miles to the nearest wired hub, alongside a cellular SIM, where a hub owner earns credit for data relayed through it. Some pessimism surrounds them though.
> see the location of every phone passing your public key encrypted bits back
My understanding is that (in this scheme) all location data is encrypted by keys unknown to apple, i.e. the reporter uses the lost device’s public key to encrypt its location and transmits it together with the hash of the key.
Is this scheme where the public key can somehow rotate on its own, while still being decryptable by the unrotated private key a new thing?
I had not heard of it before.
Edit: This other comment in the thread points at an article with some guesses as to how it might work. It mentions a system called Elgamal that has a scheme somewhat like my description above: https://news.ycombinator.com/item?id=20134956
I'm sure it's an oversimplification of the description of the protocol. For example Apple could use a "base private key" that's just a seed fed to a CSPRNG to generate a series of EC private keys. The client can then rotate through this series of keys, while the "base private key" never changes.
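The seed-based rotation guessed at in the comment above, wired into the report flow summarised at the top of the thread, as an added sketch that is not part of the thread and not Apple's protocol. The HMAC derivation, the hashed-ElGamal-style encryption, the toy group and the names `derive_keypair`, `report` and `locate` are all assumptions; the seed and coordinates are constructed sample values.

```python
import hashlib
import hmac
import secrets

# Toy group (assumption): integers modulo the prime 2**255 - 19 with base 2.
# It stands in for the elliptic-curve group so the sketch needs only the
# standard library; it is not a vetted parameter set.
P = 2**255 - 19
G = 2

def derive_keypair(seed: bytes, period: int):
    """Derive the key pair for one rotation period from the long-term seed."""
    msg = b"rotate" + period.to_bytes(8, "big")
    digest = hmac.new(seed, msg, hashlib.sha256).digest()
    priv = int.from_bytes(digest, "big") % (P - 2) + 1  # in 1 .. P-2
    return priv, pow(G, priv, P)

def key_id(pub: int) -> str:
    """Identifier the server indexes by: a hash of the broadcast public key."""
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

def _keys(shared: int, n: int):
    """Turn the Diffie-Hellman shared value into a keystream and a MAC key."""
    raw = shared.to_bytes(32, "big")
    stream = hashlib.shake_256(b"enc" + raw).digest(n)
    mac_key = hashlib.sha256(b"mac" + raw).digest()
    return stream, mac_key

def report(broadcast_pub: int, location: bytes):
    """Finder side: encrypt own location to the key heard over Bluetooth."""
    eph_priv = secrets.randbelow(P - 3) + 1
    eph_pub = pow(G, eph_priv, P)
    stream, mac_key = _keys(pow(broadcast_pub, eph_priv, P), len(location))
    ct = bytes(a ^ b for a, b in zip(location, stream))
    tag = hmac.new(mac_key, ct, hashlib.sha256).digest()
    # The upload carries only the key hash and an opaque blob.
    return key_id(broadcast_pub), (eph_pub, ct, tag)

def locate(seed: bytes, server: dict, current_period: int, lookback: int):
    """Owner side: re-derive recent keys from the seed, query by hash, decrypt."""
    found = {}
    first = max(0, current_period - lookback)
    for period in range(first, current_period + 1):
        priv, pub = derive_keypair(seed, period)
        for eph_pub, ct, tag in server.get(key_id(pub), []):
            stream, mac_key = _keys(pow(eph_pub, priv, P), len(ct))
            expected = hmac.new(mac_key, ct, hashlib.sha256).digest()
            if hmac.compare_digest(tag, expected):
                plain = bytes(a ^ b for a, b in zip(ct, stream))
                found.setdefault(period, []).append(plain)
    return found

def demo():
    seed = b"constructed-demo-seed-not-a-real-key"
    server = {}  # what the central service stores: key hash -> opaque blobs
    # Constructed sightings: the lost device was heard in periods 7 and 9.
    for period, loc in [(7, b"51.5007,-0.1246"), (9, b"51.5033,-0.1196")]:
        _, pub = derive_keypair(seed, period)  # value the lost device broadcasts
        kid, blob = report(pub, loc)
        server.setdefault(kid, []).append(blob)
    return server, locate(seed, server, current_period=9, lookback=5)

if __name__ == "__main__":
    stored, found = demo()
    print(sorted(stored))  # two unrelated-looking hashes
    print(found)
```

Under these assumptions no old key has to be stored anywhere: a device holding the seed regenerates the key for any past period, and the server's view is limited to per-period hashes and ciphertext.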
Similar to mrb's answer, but this sounds like essentially how cryptocurrency wallets work. You can just remember the root key phrase, and that is used to generate tons of addresses (i.e. keypairs). Access to the root keyphrase allows you access to money sent to any of the addresses.
Cryptocurrency wallets use the BIP32 scheme which provides an even neater ability: from a root public key alone you can generate a series of children public keys, no private keys are involved in the calculation. (And whoever possesses the root private key can generate the corresponding series of children private keys.) The technical aspects are described in https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi... But that's overkill given the simpler requirements of Find My. Each device stores the private key so they don't need something with the feature set of BIP32.
Used by some cryptocurrencies (like Monero) to implement stealth addresses. Allows the sender to derive a new public key for each message sent and the receiver to derive the corresponding private key.
Sounds like a TOTP -> public key nonce of some kind to me.
Or quite possibly it's just using the current time as a nonce. I believe nonces are public info anyway and it doesn't matter if it's predictable (they're often incremental).
Yes? Maybe you're right. It was intended to be a desperate plea at wanting readable English from generic English comments, therefore I did not include a question mark, as it was a plea. You might be right though!
If the phone is broadcasting the public key couldn't some malicious actor simply send the wrong location? Also couldn't they simply put it in a faraday bag or wrap in some tin foil?
Correct, reverse engineering the Find My protocol or intercepting & modifying the location API should let any half-competent hacker send bogus encrypted locations to Apple's database. What's the point though? You are just hampering with someone's effort to locate their lost device. Maybe you could steal multiple devices and purposefully spoof the location of your enemy's house, and the police will show up at their door to recover the stolen devices. Seems too high-effort for too little gain to me.
Also, in my experience, the police will not do that for you. My wife had her phone stolen from her and we were able to pinpoint the exact location and provide it to the police, they said they would not act on this information.
Just one small anecdote, but I can't imagine many departments taking it upon themselves to do so.
> My wife had her phone stolen from her and we were able to pinpoint the exact location and provide it to the police, they said they would not act on this information.
Be sure to bring this up the next time the city asks for a tax increase for police funding.
> Also couldn't they simply put it in a faraday bag or wrap in some tin foil?
If you're a thief and you want the phone to stop broadcasting, AFAIK you can just turn it off (as opposed to leaving it in sleep mode). But you'll have to deal with Activation Lock, which has been around for years and makes the phone a brick without the original owner's Apple ID. The new feature, on the other hand, is more applicable to devices that are just lost, not stolen.
> couldn't they simply put it in a faraday bag or wrap in some tin foil?
Yes, but (1) that increases the difficulty of stealing such devices and (2) doesn’t help opportunistic or stupid thieves. Nobody is claiming that Find My makes Apple products unstealable.
Location is encrypted with key, so just faking particular location is impossible. And I guess, they'll transmit some incrementing number or timestamp to fight re-transmission attacks.
The nearby phone is the one encrypting its own location with the public key broadcasted, so in theory fake location is possible if you had control over the protocol in all nearby devices.
Public keys are essentially trackable metadata if they're shared. The proposed hash of time + public key would be guessable if you had access to a particular public key. Apple certainly could get the public key.
They wouldn't know specifically what data was in the encrypted message, but with enough attributes (IP, time, Apple ID, etc) they could obviously gather a high-confidence amount of tracking data still.
There is always the risk of rogue employees, but what they're probably talking about here is that they also can't be compelled to reveal the location by someone else. They probably don't want to actually say that since it might be misconstrued as trying to skirt the law or being uncooperative with law enforcement.
Isn't the explicit goal of a feature like that to be uncooperative with law enforcement? Who else is going to (attempt to) compel them to reveal user location data?
It's not that they're trying to be uncooperative with law enforcement though -- the fact that it prevents law enforcement from getting location data is a side effect of protecting privacy from everyone (marketers, hackers, etc) rather than it being the explicit purpose of keeping it from law enforcement. Which is why they probably want to be very careful about how they word it -- because some people might see it as the purpose rather than the side effect.
The feature of rotating public keys to enhance privacy is already used in cryptocurrencies, especially in the underpinnings of Monero. Here's one thread discussing how to make a mechanism to generate new public keys on demand: https://crypto.stackexchange.com/questions/58022/a-method-to...
Instead of only finding the location of my stolen device, what I really would like is using this to remote wipe my device, before someone else can or will turn it on (if it has been turned off).
Because it is not like I will fly to some other country to catch the thief or new owner of my stolen device.
That's a feature of Find My, and has been for years on iOS. They're bringing it to macOS this year for devices with a T2 chip (the newer MacBooks, basically).
To clarify: this applies to a Mac that has been locked.
That is, if the Mac is locked with Activation Lock, it wouldn't be possible to install another OS; the firmware itself will lock the user out of the computer entirely until the machine is unlocked. This dissuades thieves from stealing your MacBook as it will effectively be useless for anything other than parts, and most thieves aren't in the tiny-amounts-of-aluminium-relative-to-if-they-just-stole-cars recycling business.
I clarify because I don't want anybody thinking one is entirely unable to install another OS at all. That is possible, but of course you lose out on macOS features like Activation Lock.
I keep reading that Apple already randomises MAC addresses for privacy purposes, but then how do its devices stay logged in to 'captive' WiFi, or more problematically, paired with Bluetooth devices?
Are the addresses only randomised for broadcast / new pairs?
Is the connectivity layer considered: Is the 3rd party "proxy" handler uploading the information using an Apple ID? Does Apple record, store IP information? It seems to me that by using this system you volunteer to send data to Apple constantly which may not reveal your GPS location but will reveal your network location.
I'm happy to see someone trying to innovate in this space. I still wonder if it is okay for journalists and risk affected users to use this or if they should be advised to avoid it.
>Matthew Green, a cryptographer at Johns Hopkins University. "Even if I tracked you walking around, I wouldn’t be able to recognize you were the same person from one hour to the next."
This sounds like a great way to track shoppers in, for example, a shopping mall.
If the BLE beacon is broadcasting at a predetermined rate this may also extend tracking past the rotation of keys right?
They aren’t using your social graph, they are using location proximity and transmitting the data inside existing packets sent to cell towers for connectivity purposes. There’s already a ton of information passing to cell towers to identify and negotiate connections with phones that could be used to infer your social graph. You’d have to correlate that with a geo location database that knows about what type of locations you visit as there would be tremendous amounts of false signals at public places like restaurants and malls.
Long story short, Apple, cell tower operators, and mobile providers already have all the data they’d need to make these graphs. If this functions as designed, it will contain much less information and wouldn’t be useful for this purpose (I.e. encrypt requests and don’t pass IP info with them to any systems that have the ability to decrypt them. If you make a few hops to the systems which have the ability to decrypt them and don’t share correlation IDs or the origin IP, there’s no way to correlate these requests back to which device sent them or what IP or cell tower it had).
This was to be expected, given that apple has been slowly taking away the ability to physically turn off your device. Isn't anyone else concerned about the fact that a shutdown laptop will continue to broadcast defying convention and expectations?
That’s not so bad considering that right now, if you don’t have a network connection (say a non-cellular iPad) you can’t find your device AT ALL unless it’s on Wi-Fi.
The Wired article is not detailed enough to definitively poo-poo this scheme, but I am pretty skeptical about some of the claims, given a) how easy it is to map an IP to a coarse location, b) how easy it is to map many IPs to a small number of already-known humans/users.
That is to say: the asym crypto may strongly protect the precise (GPS or LTE triangulation) location from Apple and from others, but I do not see how a cloud-based system can ever hide coarse location from Apple and/or from governments as, given the short range of BT, they can reliably infer that a device (and hence its owner) is/was near whatever IP sends the encrypted precise location to their cloud. Then it's just a matter of mapping the device's "randomized" ID back to an actual user/phone. That seems easy enough as soon as a second device accesses it from an IP that's mappable to a specific residential address, Apple account, etc.
e.g.
A and B both log into iTunes or some other Apple service using a@apple.com and b@apple.com from HOMEIP at some point in the past. HOMEIP is never used by any other Apple accounts.
A(lice) and B(ob) exchange a secret and otherwise begin participating in this "private" tracking scheme.
A goes out shopping and while there it pushes its encrypted precise location to the Apple cloud, using random ID 424242, from MALLIP. Perhaps A's device sends it directly, or perhaps it's relayed from BT to Mall wifi to Cloud by C's device if A has both LTE and wifi disabled.
A few minutes later S(omeone) requests encrypted location for random ID 424242, from HOMEIP.
Apple (and any government compelling it to share information) can reliably infer that "Someone" was A or B attempting to track either B or A, and that the tracked phone was at/near the business address of MALLIP - their coarse location - even if they can't decrypt the precise location without the secret key. If you know from public records that A and B are married, and assume that women are more likely to be at a mall on their own than men, you may further assume that A is at the Mall while B is at home.
Result: the "private"/"encrypted" precise location beaconing has an unfixable metadata side channel that will leak coarse location data to Apple and to any governments that compel it.
What you're saying is basically that this scheme will leak the IP address you're on, because that's just how the internet works.
There's... not much that can be done about that, and there's no need for the scare quotes on the words private or encrypted. Any encrypted communication still uses an IP address that can be mapped to a coarse location; this isn't an Apple related thing.
If you want to be able to find your device (it's opt-in), it needs to relay its location via the Internet. Doing so requires an IP address, which can indeed be mapped to a coarse location in some cases (my own home IP address is totally useless, it says I'm in London when I'm on the other side of the country). I'm not sure what the big deal is.
Well, the Internet does not strictly require all traffic between two parties to go through a MegaCo Cloud. Location privacy in this system would appear to be greatly enhanced (vs Apple-as-an-adversary) if A and B communicated directly, or through a server that they controlled, instead of through iCloud. In concise security terms, Apple man-in-the-middles the encrypted traffic in this system and thus may perform traffic analysis, deanonymization-via-inference, etc as I said above.
It's certainly true that NAT, firewalls, and a lot of other things make direct communication between two iDevices inconvenient and frequently impossible - that's fine and fair enough. But then the Company should not be making at least partially untrue privacy and anonymity claims that are essentially impossible to satisfy when by design all of the traffic flows through their cloud.
AFAICT Apple (and likely its host governments) will still need to be trusted parties in any scheme that flows through their infra, unless you care only about protecting your precise location, and are willing to expose your coarse location to them.
To be clear, they may already have that info from other services, and you'll have to trust Apple a lot anyway since they're making the phone and some custom silicon within it. And them having coarse location is certainly preferable to them having precise location data - so this system (as we are inferring it to work) is not worthless, and is still an improvement over a naive implementation.
But real internet anonymity and location privacy is hard to achieve; just ask any tor developer. So please don't let the marketing dept openly claim that, or even imply that, when the claim can't realistically survive a two minute security audit by HN infosec nerds. To be specific the WWDC claims that "this whole interaction is ... anonymous" and "there’s no need to worry about your ... privacy" are what I am taking some issue with here.
Any mobile device will ping central servers for notifications, update information, ntp, etc etc. Apple or google or at&t will of course always have your current IP address and be able to provide it to police if served a search warrant. In what way is the “find my” service expanding that?
If the gateway used to receive these requests cannot decrypt them and they pass through other connections before decryption, why wouldn’t this be possible? At the point of decryption you’d have the connecting IP of the last hop but if the origin IP isn’t forwarded, and there’s no request correlation ID or other identifying information, the machine processing the request wouldn’t know where the original request came from.
Of course any of the intermediate machines could be tracking this data for correlation purposes but it should be possible to strip it along the way.
If the request data containing the 424242 is encrypted and only the machine without origin info has access to that identifier, how would you know the request is for 424242?
Still miss the larger picture. Now the genie is out, a country will have technology to monitor all things and people all the time.
The world is not just Apple. Someone will use the same idea to do evil behind this.
And even Apple has to work inside say China and follow their law. What if they ask ...
We have been here before. Internet!
The links to us all. The freedom to publish and share. Then someone turned it into a way to record and monitor everything you said. And e-wall the whole country and round up any people they do not like.
Good luck. Guess technology is neutral. It is not its fault. But beware of the gift from clever Greek. Or in that story the golden Apple.
Apple's Find My features are what turn iPhone theft into complete iCloud vulnerabilities. This was first seen with the social engineering attacks made possible in Find My iPhone. All an attacker needs to do is spoof an SMS and phish your account credentials. It's likely this feature too will lead to clever hacks used to further damage users.
First forensics to try and crack the pass code (takes about 2 days). Next turn on the phone just long enough to take down the phone number provided. Then wait another day or so and turn on the phone again. At the same time send the recovery number an SMS linked to a fake iCloud website and grab the credentials when they log-in. I have concrete examples of the processes, tools and servers used to pull this off. Apple Support is aware this is a common occurrence - they told me so over the phone.
If you'd like to know more specifics, please feel free to contact me.