TY - GEN
T1 - Where Is My Tag? Unveiling Alternative Uses of the Apple FindMy Service
AU - Tonetto, Leonardo
AU - Carrara, Andrea
AU - Ding, Aaron Yi
AU - Ott, Jorg
N1 - Publisher Copyright:
© 2022 IEEE.
PY - 2022
Y1 - 2022
N2 - Bluetooth trackers, or tags, have quickly become ubiquitous and widely supported by multiple vendors. Beyond their original design of finding lost objects, these devices have the ability to extend the capabilities of current wireless smart devices. Since its launch in 2019, Apple's FindMy enables any devices from their brand to be easily tracked by more than 1 billion active iPhones and iPads on the market. While convenient, these systems may even serve further uses, including as a result of this work, crowd sensing and a side channel for mobile communication. But they also raise privacy concerns for their users. In this paper, we demonstrate how Apple FindMy can be used as a privacy-friendly tool for crowd monitoring, and how it may inadvertently leak information on a person's location in case of deliberate tracking. Additionally, we design and evaluate a proof of concept protocol, using the Apple FindMy and a crafted tag using a simple microcontroller. We show how such system could be used to transmit information at very low bit rates, while the devices transporting the information remain unaware of this covert channel, yielding an out of band communication channel.
AB - Bluetooth trackers, or tags, have quickly become ubiquitous and widely supported by multiple vendors. Beyond their original design of finding lost objects, these devices have the ability to extend the capabilities of current wireless smart devices. Since its launch in 2019, Apple's FindMy enables any devices from their brand to be easily tracked by more than 1 billion active iPhones and iPads on the market. While convenient, these systems may even serve further uses, including as a result of this work, crowd sensing and a side channel for mobile communication. But they also raise privacy concerns for their users. In this paper, we demonstrate how Apple FindMy can be used as a privacy-friendly tool for crowd monitoring, and how it may inadvertently leak information on a person's location in case of deliberate tracking. Additionally, we design and evaluate a proof of concept protocol, using the Apple FindMy and a crafted tag using a simple microcontroller. We show how such system could be used to transmit information at very low bit rates, while the devices transporting the information remain unaware of this covert channel, yielding an out of band communication channel.
KW - covert exfiltration
KW - crowd monitoring
KW - location privacy
KW - mobile communication
KW - sensing
UR - http://www.scopus.com/inward/record.url?scp=85137103236&partnerID=8YFLogxK
U2 - 10.1109/WoWMoM54355.2022.00059
DO - 10.1109/WoWMoM54355.2022.00059
M3 - Conference contribution
AN - SCOPUS:85137103236
T3 - Proceedings - 2022 IEEE 23rd International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2022
SP - 396
EP - 405
BT - Proceedings - 2022 IEEE 23rd International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2022
A2 - Chen, Liming Luke
A2 - Melodia, Tommaso
A2 - Tsiropoulou, Eirini Eleni
A2 - Chiasserini, Carla Fabiana
A2 - Bruno, Raffaele
A2 - Bhattacharjee, Shameek
A2 - Frangoudis, Pantelis
A2 - Nadendla, Venkata Sriram Siddhardh
PB - Institute of Electrical and Electronics Engineers Inc.
T2 - 23rd IEEE International Symposium on a World of Wireless, Mobile and Multimedia Networks, WoWMoM 2022
Y2 - 14 June 2022 through 17 June 2022
ER -