![]() ![]() ![]() ![]() Milan Stute, another member of the research team, explained that a second, more esoteric issue meant that Apple might be able to correlate user locations. Read more of the latest Apple security news The implementation issue – tracked as CVE-2020-9986 – was resolved by Apple last year. “Just by reading this directory it was possible to download and decrypt the location reports for all devices that were connected to the same iCloud account,” Heinrich explained. These locations are encrypted, but a flaw in the implementation of the technology meant all the private keys were exposed in a publicly accessible directory on macOS. What’s your location?Īpple’s OF technology means that a MacBook that is in your bag, and normally offline, would be pinged by other devices around you (like your own iPhone), which would find it and report the encrypted location to Apple in the event that it was lost or stolen.Īpple's technology aims to ensure finder anonymity, that owner devices are not trackable, and the confidentiality of location reports. The unauthorized access of location history vulnerability allows any “third-party app on the Mac to decrypt the location reports created by any of your devices whenever they were offline”, Alexander Heinrich, one of the researchers, told The Daily Swig. The other (less serious) implementation flaw remains unaddressed. In response, the technology giant addressed their main concern through an update. The researchers disclosed their findings to Apple last year. RELATED Telegram for macOS failed to self-destruct messages on local devices More specifically the researchers went on to uncover two distinct design and implementation flaws which they said could lead to a ‘location correlation attack’ and unauthorized access to recent location history. The team went on to show that an attacker could gain unauthorized access to the location reports, allowing for accurate device tracking and the ability to retrieve a user’s frequently visited locations to within a distance of 10 metres, at least in urban areas. Reverse engineeringĭuring what’s reckoned to be the first comprehensive security and privacy analysis of Apple’s OF technology, the team of four computer scientists first mapped out the design of the closed-source protocols using reverse engineering techniques. The ‘crowdsourced’ system reports an approximate location for a device back to the owner via the internet.Ĭomputer scientists from Technische Universität Darmstadt in Germany uncovered a brace of issues after carrying out a detailed analysis of the privacy-focused system. The security and privacy of Apple’s Bluetooth location-tracking system has earned praise from researchers who uncovered two implementation flaws in the technology.Īpple’s OF (Offline Finding) technology makes use of online finder devices running the ‘Find My’ app to detect the presence of missing offline devices such as iPads using Bluetooth and AirTags. Bluetooth tracking system earns plaudits from independent security analysis despite recently resolved flaw ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |