The Clever Cryptography Behind Apple's 'Find My' Feature (arstechnica.com) 91
An anonymous reader quotes a report from Ars Technica, written by Wired's . Andy Greenberg: In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.
In a background phone call with WIRED following its keynote, Apple broke down that privacy element, explaining how its "encrypted and anonymous" system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device. The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations. That system would obviate the threat of marketers or other snoops tracking Apple device Bluetooth signals, allowing them to build their own histories of every user's location. In fact, Find My's cryptography goes one step further than that, denying even Apple itself the ability to learn a user's locations based on their Bluetooth beacons. That would represent a privacy improvement over Apple's older tools like Find My iPhone and Find Friends, which don't offer such safeguards against Apple learning your location.
In a background phone call with WIRED following its keynote, Apple broke down that privacy element, explaining how its "encrypted and anonymous" system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device. The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations. That system would obviate the threat of marketers or other snoops tracking Apple device Bluetooth signals, allowing them to build their own histories of every user's location. In fact, Find My's cryptography goes one step further than that, denying even Apple itself the ability to learn a user's locations based on their Bluetooth beacons. That would represent a privacy improvement over Apple's older tools like Find My iPhone and Find Friends, which don't offer such safeguards against Apple learning your location.
Apple always errs on the side of privacy (Score:1)
unlike the "do know evil" data miner in chief
This project supposedly was one of the last ones Dr Jobs supervised prior to his untimely demise (RIP).
Re: (Score:1)
Re: (Score:1)
Then don't enable the "find my" functionality on your devices, and they won't share this info. Ok?
Show us the code, smartasses (Score:1)
If Apple is so confident and transparent about that implementation, why won't it release source code? Their word is worth nothing at this point.
Re: (Score:1)
Re:Show us the code, smartasses (Score:5, Informative)
> why won't it release source code?
You never know, they just might. Keep your eye on https://opensource.apple.com/ [apple.com]
A.
Re: (Score:2)
How about... (Score:1)
... apple lets me install a public key to which it'll encrypt that location data?
That way only the person with the private key (ie me) gets to decrypt the messages, and I don't need multiple apple devices. Just my key and whatever hardware I have that on.
Re: (Score:1)
No, no, no. That won't do at all. That would ensure that the data being encrypted is only decryptable by YOU.
This convoluted system, of obtaining a rotating public key from some unknown (supposedly stolen) Bluetooth device nearby, allows law enforcement, NSA, Apple, or other malware running on other people's computers to command YOUR computer into uploading YOUR location and data to Apple, encrypted with THEIR key, for later retrieval and decryption by said private key holder.
Thank you for your service.
Re: (Score:2)
This convoluted system, of obtaining a rotating public key from some unknown (supposedly stolen) Bluetooth device nearby, allows law enforcement, NSA, Apple, or other malware running on other people's computers to command YOUR computer into uploading YOUR location and data to Apple, encrypted with THEIR key, for later retrieval and decryption by said private key holder.
Please turn your brain on before writing nonsense like that. There is no information about the sending device sent to Apple whatsoever. Just the location, which would be known anyway because it's where that Bluetooth device is. And please tell us: Why would Apple do that? What's in it for them? If they wanted to spy on you they could do that anyway without you noticing.
Re: (Score:1)
Re: (Score:2)
That way only the person with the private key (ie me) gets to decrypt the messages, and I don't need multiple apple devices. Just my key and whatever hardware I have that on.
Hey clever boy, if you have only one Apple device and it gets lost or stolen, then _all_ your Apple devices are gone, so all your copies of the private key are gone, so you don't have the ability to find your one device at all.
And surely the article would have mentioned that you _are_ indeed the only one in possession of the private key. You enrol a set of devices into "Find my device" using your AppleID, and all these devices share your personal private key between them. And sorry, but Apple wouldn't tr
Re: (Score:2)
Apple already has a Bluetooth protocol called Airdrop where nearby devices will handshake and join an ad hoc local network to share things like photos and contacts. If two devices encounter each other on Airdrop, device A could spam out an opaque nonce encrypted with a key associated with its owner's Apple Id. If device B can decrypt the packet, then the two devices are owned by the same person and they can proceed sharing sensitive info like keys.
Re: (Score:2)
_all_ your Apple devices are gone, so all your copies of the private key are gone
Allow me to introduce you to an interesting concept well established in the field of data management.
Backups.
Re: (Score:2)
Hey clever boy, if you have only one Apple device and it gets lost or stolen, then _all_ your Apple devices are gone, so all your copies of the private key are gone, so you don't have the ability to find your one device at all.
And surely the article would have mentioned that you _are_ indeed the only one in possession of the private key. You enrol a set of devices into "Find my device" using your AppleID, and all these devices share your personal private key between them. And sorry, but Apple wouldn't trust your PC to keep a private key safe.
Use an algorithm like scrypt to derive the private key from a password/passphrase. You enter the password once on the device when you turn Find My Device on. The key is then stored in the device's secure enclave. If the device becomes lost you can input the password into Apple's website to unlock the location information. If you don't trust Apple not to hang on to your location password, you can change it (and the key) when and if you get your device back.
No need to have multiple Apple devices, and no n
Two problems ... (Score:2)
Second, how do they protect the battery life of a device that is sending bluetooth signals and using GPS all the time?
Re: (Score:2)
Re: (Score:2)
Re: (Score:2)
From the article, it sounds like your second Apple device is where the backup copies of your private keys are stored when you first set up the new Find-me system. (The private keys are apparently not stored on the cloud)
Re: (Score:2)
Re: (Score:2)
If it works like other iCloud services then you
* either need a second authorized Apple device, or
* a secure code (Recovery Key) you can generate and store if you have only one device. (You have to do this before you lose your single device).
Next to your regular username/password.
Re: (Score:2)
Re:Two problems ... (Score:4, Insightful)
Thirdly, think of the message this sends to street criminals. If you want to steal iPhones, then make sure you get the MacBook as well. This will probably require the use of a knife, whether to cut the straps of the backpack, or to threaten the owner to hand it over, as laptops are generally not carried around in a manner that lets you easily snatch them from the victim's hands as you pass by.
And now the criminal has moved from a grab (which is just an ordinary theft) to an armed robbery, which means ten years in jail if caught, PLUS the cops will be after you for real. If you pick my phone out of my jacket pocket, the police may not care. If you run around drawing knifes on people, police _will_ care and get you.
That's why there are no kidnappings for money in the USA, and that's why there are no bank robberies in the UK, except by rank idiots. Because these are things where police decided they _will_ get you
Re: (Score:2)
First, "you've got such a nice Apple device, it's be a shame if it was lost. You oughta buy another one so you can find the first one." Second, how do they protect the battery life of a device that is sending bluetooth signals and using GPS all the time?
It isn't using GPS at all. That's the whole point. All it does is send a bluetooth signal, which is the lowest of low power signals, containing a public key. It doesn't listen to any other devices when turned off. The device picking this up is the one that determines its location and sends it, and that device is turned on.
Re: (Score:2)
What's the point of encrypting the data at all? Whatever the device sends is immaterial.
It could send "0" and be just as effective. On Apple's side, the important bits of data are that "JDoe"'s device sent 'something' from 'this' location.
The location and the device identifier linking to you are all that matter. The ID has to link to you effectively in plain text or they'd have no idea which packets to try decrypting with your key. And the location can't be encrypted with your key, since it's not your d
Re: Hm (Score:2)
It is magic (Score:1)
""It uses just tiny bits of data that piggyback on existing network traffic so there’s no need to worry about your battery life, your data usage, or your privacy."
That really IS clever. They manage to transmit data that doesn't affect battery life or your data usage. They should patent that.
Re: (Score:3)
Re: (Score:2)
That's not what Apple is doing though. They appear to be simply adding this additional data to the other stuff their devices periodically send back to the mothership (cloud data, polling for updates, iMessages etc.)
Re: (Score:2)
I don't really understand how piggybacking improves privacy.
Bluetooth devices have four kinds of address. (Score:5, Informative)
Bluetooth devices typically have a MAC address (or Bluetooth Address). If it's always pinging out every so often, how can they say it's not leaking information?
Starting with version 4.0 of the specification, Bluetooth added a second, low-energy, modulation and protocol scheme. It is called "Bluetooth Smart" or "Bluetooth Low Energy" (BLE). One of the things it addresses is the "track by a static MAC address like a WiFi or Ethernet gadget" problem.
BLE has 29, not 28 bits of address, and FOUR kinds of address. The extra bit tells whether (0) the other 48 are using an IEEE MAC address ("Public" in BLE-speak) or (1) one of the three other BLE address types. For those the two MSBs tell you which type it is. Two of them Xchange randomly every few minutes.
0 XX 46 Xes: Public.
1 11 46 Rs (not all-1 or all-0): Static.
1 00 46 Rs: Private non-resolvable.
1 01 22 Rs, 24 hash-of-Rs: Private resolvable.
Public is an IEEE MAC address. Buy it from IEEE. Burn it into the chip or load it from firmware.
Static is a BLE address similar to a MAC, except you don't have to buy it: It's a 24-bit random number (all ones and all zeros forbidden) that doesn't change while the chip is running. (It might be generated by the chip and change when you change batteries or reset the chip, or it might be burned into the chip at the factory and never change.) You don't expect any collisions until you have several million devices deployed.
Private non-resolvable is also a 24-bit random number. But it changes randomly every few minutes. (Chips should use a good crypto algorithm plus added entropy so it really is as good as true random.) Nobody has a clue what the device is - at least from the address - and once it changes nobody has a clue that this new address is the same tag as the old one. Things that connect with it have to negotiate with it to figure out if it's "the right guy", convince it they're authorized and arrange a way to talk without leaking identity to trackers.
Private resolvable does the same thing with a 22-bit random number, but it also sends a 24-bit hash of the random number, hashed with AES and the chip's "Identify Resolving Key" - a secret shared with authorized listeners. An authorized listener can try the advertisement against all the keys it knows, and if it computes a matching hash - both initially and after one change - it can be confident it knows who the tag is, and can continue to track it through further changes. Without the key a listener will lose track of it after a change. As with Private non-resolvable, things can connect with it between changes and try to negotiate authorization and a persistent connection.
rolling eyes (Score:3)
Re: (Score:1)
Re: (Score:2)
Re: (Score:2)
"So transferring data to a server is the impressive part here?"
No. The impressive part here is a big tech company actually deployed a find my device feature that they can't use behind your back to find you.
Re: (Score:2)
Re:rolling eyes (Score:4)
If you're equating what is happening here with your garage opener then you really didn't understand what is going on.
Re: (Score:2)
To really turn it off (Score:3)
Just remove the battery. wait...
Big Nope. (Score:1)
Looks like yet another reason I'll never buy an Apple product.
Hmm, wonder why (Score:5, Insightful)
Looks like yet another reason I'll never buy an Apple product.
Because you hate finding things of yours that were lost or stolen, or because you hate technology generally and the cave you live in lacks sufficient recharging facilities, or because it's shutting down your thieving business something fierce?
Honestly I think it's pretty mean of you to not want Apple users to be able to find lost or stolen devices, as every Apple device you do not buy means there's that much less of a chance for some lost iPhone to relay a location signal through you...
This is the true decentralized network everyone always wanted the internet to be and here you are trying to stomp on it.
Some useful resources on this (Score:4, Informative)
1) Prof. Mathew Greenâ(TM)s account on the matter:
https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/amp/
2) Twitter thread under @radian (Ivan KrstiÄ, Appleâ(TM)s Head of Security Engineering):
https://twitter.com/radian/status/1136364459771846656
Re: (Score:2)
There are still questions that need to be answered.
They say it has no effect on your battery life. That seems unlikely to say the least. Your device is periodically transmitting, and constantly receiving so it can hear other people's devices' transmissions. Maybe they mean in comparison to a phone with Bluetooth turned on all the time.
They say it doesn't affect your data plan, but the admit that it does send a small amount of data. Granted it's probably quite small... But if you are in an area where there a
Re: (Score:2)
iFind (Score:2)
“Find My” isn’t a great name is it? "iFind" seems so obvious that it would infer that Apple has dropped the “i” naming tradition.
I did wonder if they’ll do a Tile like product? Yes, probably something crazy which is titanium and pricey.
However since "privacy as a service" [slashdot.org] seems to be Apple's mantra just now I don't see this as something they could do that wouldn't be abused, undermining the privacy principals they are advocating right now.
Imagine chucking such a tile into
Paying a premium for privacy (Score:2)
Seems like Apple went full steam ahead at exactly the direction Google feared most.
Hands up, anyone hear thinks that Google would ever develop something the prevents even Google getting your data?
Tracking device with plausible deniability :-) (Score:2)
Fantastic! Good for tracking spouses. Employers can now rest assured that they know where their employees are spending time.
Person A: "Hey Joe, I was cleaning out my car last night and found your iPhone."
Person B: "That's great Dave. Do me a favor and keep it in your glove compartment until I get a chance to pick it up. Thanks."
How do you add devices? (Score:2)
Ok, so this shiny new service requires you to own at least two Apple devices so that they can arrange exchanging a Preshared Private Key amongst themselves when setting this up.
So what happens when you buy a third Apple device and want it to connect with the other two? How does this third new device interact with the other two to convince them that it's legitimate so that they'll cough up the Preshared Private Key?
Then, if Apple devices can do it ... why not the NastyHackerDudes?
Re: (Score:2)
If it works anything like their other services,
* Either the secure enclave in the hardware of the other device(s) is used as a second factor
* You can use a generated Verification Code (generated beforehand on your single Apple device) as the second factor. This is much less convenient of course.
What if I only have one Apple product? (Score:2)
Ingenious, but easy to defeat (Score:1)
First option: steal both the Mac and the iPad (or all the cooperating Apple devices) at the same time. Then the end user has no way to decrypt the new location of his stolen Apple hardware.
Second option: only steal one Apple device, but immediately place it in a shielded briefcase. Take it out only in a shielded environment away from all wireless signals. Dismantle it (if possible), then steal the data from it and/or sell the parts. I also wonder if reinstalling the stolen device and jailbreaking it (if
The end of apple devices in specific enviroments (Score:1)
So if all apple devices are constantly even when off transmitting a signal. That spells the complete ban of apple devices in certain environments that are RF sensitive. One that comes to mind I visited a few years ago was Arecibo in PR. It is asked that all guests turn off any transmitting devices as they have potential to interfere with any studies going on at the moment. Doesn't matter how weak the signal, even the slightest whisper of RF coming from a device anywhere near the top side of that dish is pro
Re: (Score:3)
I think this would still need to be off when in airplane mode or with the BT switched off on purpose.
As I understand it, this is not working when devices are really physically off/unpowered.
The article states that it works when they're "offline".
Basically when not connected to the internet, the devices with use low power bluetooth, if it is enabled, to try and build an ad hoc network with other Apple devices that happen to be nearby and might be connected to the internet.
And yes, large radio telescopes are