Find My Network Exploit Turns Any Bluetooth Device Into a Tracker

by

George Mason University researchers claim to have uncovered a serious vulnerability in Apple's Find My network that allows hackers to track virtually any Bluetooth-enabled device without the owner's knowledge.

find my friends precision finding
Called "nRootTag," the exploit tricks the Find My network into treating ordinary Bluetooth devices as if they were AirTags, allowing hackers to turn laptops, smartphones, game controllers, VR headsets, and even e-bikes into unwitting tracking beacons.

Find My works by having AirTags and other Find My-compatible items send Bluetooth signals to nearby Apple devices, which then anonymously relay location data to Apple's servers. The researchers discovered they could manipulate cryptographic keys to make the network believe any Bluetooth device was a legitimate AirTag.

The research team found that the attack has a 90% success rate and can pinpoint a device's location within minutes. "While it is scary if your smart lock is hacked, it becomes far more horrifying if the attacker also knows its location," said one of the researchers.

What makes the exploit even more concerning is that it doesn't require physical access or administrator privileges on the target device – it can actually be executed remotely. In their experiments, the team successfully tracked a stationary computer with 10-foot accuracy and even reconstructed the exact flight path of a gaming console brought onboard an airplane.

The attack does require fairly hefty computing resources – the research team used hundreds of graphics processing units to quickly find matching cryptographic keys. However, they note that this could be achieved relatively inexpensively by renting GPUs, which has become a common practice in the crypto-mining community.

The team said they notified Apple about the vulnerability in July 2024, and Apple says that it protected against the vulnerability in December software updates.

Even after Apple implements a fix, the researchers warn the vulnerability could persist for years as many users delay updating their devices. "The vulnerable Find My network will continue to exist until those devices slowly 'die out,' and this process will take years," said one researcher.

The research will be formally presented at the USENIX Security Symposium in August. The team recommends users be cautious about apps requesting Bluetooth permissions, keep their devices updated, and consider privacy-focused operating systems for better protection.

Update: This article has been updated to clarify that Apple bolstered the Find My network in December 2024 to protect against this type of attack.

Tag: Find My Guide

Popular Stories

iOS 26

iOS 26.4 and iOS 27 Features Revealed in New Leak

Friday December 12, 2025 10:56 am PST by
Macworld's Filipe Espósito today revealed a handful of features that Apple is allegedly planning for iOS 26.4, iOS 27, and even iOS 28. The report said the features are referenced within the code for a leaked internal build of iOS 26 that is not meant to be seen by the public. However, it appears that Espósito and/or his sources managed to gain access to it, providing us with a sneak peek...
Read Full Article90 comments
apple beta 26 lineup

Apple Leak Confirms Work on Foldable iPhone, AirTag 2, and Dozens More Devices

Monday December 15, 2025 2:05 pm PST by
Last week, details about unreleased Apple devices and future iOS features were shared by Macworld. This week, we learned where the information came from, plus we have more findings from the leak. As it turns out, an Apple prototype device running an early build of iOS 26 was sold, and the person who bought it shared the software. The OS has a version number of 23A5234w, and the first...
Read Full Article68 comments
Apple Logo Top Half

Early iOS 26 Software Leak Uncovers Dozens of Upcoming Apple Features

Monday December 15, 2025 3:05 pm PST by
Software from an iPhone prototype running an early build of iOS 26 leaked last week, giving us a glimpse at future Apple devices and iOS features. We recapped device codenames in our prior article, and now we have a list of some of the most notable feature flags that were found in the software code. In some cases, it's obvious what the feature flags are referring to, while some are more...
Read Full Article28 comments
Apple Foldable Thumb

Leak Reveals Foldable iPhone Details

Monday December 15, 2025 9:09 am PST by
The first foldable iPhone will feature a series of design and hardware firsts for Apple, according to details shared by the Weibo leaker known as Digital Chat Station. According to a new post, via machine translation, Apple is developing what the leaker describes as a "wide foldable" device, a term used to refer to a horizontally oriented, book-style foldable with a large internal display....
Read Full Article147 comments
iOS 26

Apple Releases iOS 26.2 With Alarms for Reminders, Lock Screen Changes, Enhanced Safety Alerts and More

Friday December 12, 2025 10:10 am PST by
Apple today released iOS 26.2, the second major update to the iOS 26 operating system that came out in September, iOS 26.2 comes a little over a month after iOS 26.1 launched. ‌iOS 26‌.2 is compatible with the ‌iPhone‌ 11 series and later, as well as the second-generation ‌iPhone‌ SE. The new software can be downloaded on eligible iPhones over-the-air by going to Settings >...
Read Full Article111 comments
iOS 26

iOS 26.3 Beta 1 Features: What's New So Far

Monday December 15, 2025 4:23 pm PST by
Apple is testing iOS 26.3, the next version of iOS 26 that will launch around January. Since iOS 26.3's testing is happening over the holidays, it is a smaller update with fewer features than we've seen in prior betas. We've rounded up what's new so far, and we'll add to our list with subsequent betas if we come across any other features. Transfer to Android Apple is making it simpler...
Read Full Article28 comments
iOS 26

iOS 26.2 Coming Soon With These 8 New Features on Your iPhone

Thursday December 11, 2025 8:49 am PST by
Apple seeded the second iOS 26.2 Release Candidate to developers earlier this week, meaning the update will be released to the general public very soon. Apple confirmed iOS 26.2 would be released in December, but it did not provide a specific date. We expect the update to be released by early next week. iOS 26.2 includes a handful of new features and changes on the iPhone, such as a new...
Read Full Article82 comments
airpods max 2024 colors

AirPods Max 2 Likely to Offer These 10 New Features

Monday December 15, 2025 7:41 am PST by
Apple released the AirPods Max on December 15, 2020, meaning the over-ear headphones launched five years ago today. While the AirPods Max were updated with a USB-C port and new color options last year, followed by support for lossless audio and ultra-low latency audio this year, the headphones lack some of the features that have been introduced for newer generations of the regular AirPods and the ...
Read Full Article34 comments

Top Rated Comments

JuicyGoomba Avatar
JuicyGoomba
11 months ago
But but but Timmy told me that the real threat was letting people install those pesky 3rd party app stores!

angrybabyfistshake.gif
Score: 20 Votes (Like | Disagree)
NMBob Avatar
NMBob
11 months ago
Finally! Something that just works!
Score: 17 Votes (Like | Disagree)
0049190 Avatar
0049190
11 months ago
I’m ok. Whenever I login to my Apple account it sends me a verification message saying I am 200 miles away from where I actually am.
Score: 8 Votes (Like | Disagree)
klasma Avatar
klasma
11 months ago
Website: https://nroottag.github.io/

How it works (from the link above):
[LIST=1]
* Through pairing, an AirTag shares the public / private key information with the owner’s device.
* When the AirTag is separated from the paired device, it advertises its public key via BLE advertisements, known as lost messages.
* Nearby Apple devices, referred to as finders, generate encrypted location reports and send them, along with the hashed public key, to the Apple Cloud.
* The Apple Cloud allows anyone to use a hashed public key to retrieve the associated location reports, which can only be decrypted using the correct private key. To ensure anonymity, finders do not authenticate whether a lost message is sent from an Apple device.

IIUC, any program that can send BLE advertisements can make the device it’s running on trackable via Apple’s Find My network.
Score: 8 Votes (Like | Disagree)
ikramerica Avatar
ikramerica
11 months ago
The author does a poor job if explaining how the hack works.

How did they locate the desktop computer remotely without hacking it and:

A. and finding out it exists
B. Knowing it’s Bluetooth information
C. Broadcasting the BT to Find My as an Airtag

Also, if the Find My network sees it as an Airtag, aren’t nearby iPhone users going to get an alert that an AirTag has been near them that doesn’t belong to you?
Score: 7 Votes (Like | Disagree)
I7guy Avatar
I7guy
11 months ago
Interesting vulnerability. How easy or hard to deploy? What is the actual threat level? And I presume one can’t be tracked if Bluetooth is off.
Score: 5 Votes (Like | Disagree)
Read All Comments