Turning Your Bluetooth Device into an AirTag: A New Remote Tracking Attack

Researchers from George Mason University have uncovered a concerning vulnerability that allows hackers to transform regular devices into Apple AirTag-like trackers without requiring root privileges. This attack, named nRootTag, exploits Bluetooth connectivity and leverages over 1.5 billion iPhones worldwide as potential tracking agents. By manipulating Find My Offline Finding features in Apple’s ecosystem, hackers can locate targeted computers with a success rate exceeding 90% within minutes at minimal cost.

The nRootTag attack works by first retrieving the advertising address of the victim device and obtaining its corresponding public key from an external server. It then broadcasts Bluetooth Low Energy (BLE) advertisements that mimic “lost” messages containing this information to nearby Apple devices, which act as potential “finders.” These finder devices generate encrypted location reports from the false signals and send them, along with hashed public keys, to the Apple Cloud.

The attacker can then access this stored data by providing a valid private key obtained either through rainbow table lookup or online searches, allowing them to decrypt the collected information and pinpoint exact locations of targeted devices. Although Apple has released patches for iOS 18.2 onwards, older unpatched iPhones or Apple Watches within range remain vulnerable while the trojan software is running.
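For defenders, the observable part of this flow is a managed, non-Apple host broadcasting Find My "lost" advertisements. The following detection sketch is an added example, not code from the article or the researchers. It assumes the offline-finding frame layout documented in public Find My research (Apple company ID 0x004C, type 0x12, length 0x19), which is not stated on this page; the inventory and captured frames are constructed sample data.

```python
APPLE_COMPANY_ID = 0x004C   # Bluetooth SIG company identifier for Apple
OF_TYPE, OF_LEN = 0x12, 0x19  # assumed offline-finding type and payload length

def iter_ad_structures(payload: bytes):
    """Yield (ad_type, data) for each length-prefixed AD structure."""
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0 or i + 1 + length > len(payload):
            return  # zero padding or truncated capture: stop parsing
        yield payload[i + 1], payload[i + 2:i + 1 + length]
        i += 1 + length

def is_offline_finding(payload: bytes) -> bool:
    """True if the advertisement carries a Find My 'lost' message frame."""
    for ad_type, data in iter_ad_structures(payload):
        if ad_type != 0xFF or len(data) != 4 + OF_LEN:  # manufacturer data
            continue
        company = int.from_bytes(data[:2], "little")
        if company == APPLE_COMPANY_ID and data[2] == OF_TYPE and data[3] == OF_LEN:
            return True
    return False

def flag_spoofed_finders(records, inventory):
    """Return (hostname, address) for managed non-Apple hosts seen
    advertising as lost Find My devices.

    records:   iterable of (advertising_address, raw_adv_payload)
    inventory: lowercase address -> hostname for hosts that should
               never emit Find My frames (hypothetical asset list)
    """
    alerts = []
    for addr, payload in records:
        host = inventory.get(addr.lower())
        if host and is_offline_finding(payload):
            alerts.append((host, addr.lower()))
    return alerts

# Constructed sample data (not real captures).
OF_FRAME = bytes([0x1E, 0xFF, 0x4C, 0x00, OF_TYPE, OF_LEN]) + bytes(OF_LEN)
NAME_FRAME = bytes([0x02, 0x01, 0x06, 0x05, 0x09]) + b"PC-1"
INVENTORY = {"aa:bb:cc:00:00:01": "lab-linux-01", "aa:bb:cc:00:00:02": "lab-win-02"}
SAMPLE = [
    ("AA:BB:CC:00:00:01", OF_FRAME),    # managed host sending lost messages
    ("AA:BB:CC:00:00:02", NAME_FRAME),  # managed host, ordinary advertisement
    ("DE:AD:BE:EF:00:03", OF_FRAME),    # unmanaged address, e.g. a nearby tag
]

if __name__ == "__main__":
    for host, addr in flag_spoofed_finders(SAMPLE, INVENTORY):
        print(f"ALERT: {host} ({addr}) is advertising Find My lost messages")
```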

In conclusion, this alarming discovery highlights the importance of timely security updates and vigilance in protecting personal data from potential threats lurking even through seemingly innocuous features like Bluetooth connectivity.
