
The Clever Cryptography Behind Apple's 'Find My' Feature (arstechnica.com) 91

An anonymous reader quotes a report from Ars Technica, written by Wired's Andy Greenberg: In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.

In a background phone call with WIRED following its keynote, Apple broke down that privacy element, explaining how its "encrypted and anonymous" system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device. The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations. That system would obviate the threat of marketers or other snoops tracking Apple device Bluetooth signals, allowing them to build their own histories of every user's location. In fact, Find My's cryptography goes one step further than that, denying even Apple itself the ability to learn a user's locations based on their Bluetooth beacons. That would represent a privacy improvement over Apple's older tools like Find My iPhone and Find Friends, which don't offer such safeguards against Apple learning your location.
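
The relay flow described in the summary above, sketched as an added example; it is not code from the article, from Apple, or from any commenter. The page does not give Apple's actual construction, so the curve (P-256), the HMAC-based per-period key derivation, AES-256-GCM, and every function name here are assumptions made for illustration.

```javascript
const nodeCrypto = require('node:crypto');
const CURVE = 'prime256v1'; // assumed curve, chosen for this example

const sha256 = (...parts) => {
  const h = nodeCrypto.createHash('sha256');
  parts.forEach((p) => h.update(p));
  return h.digest();
};

// Owner devices: derive the key pair for one rotation period from a secret
// that only the owner's enrolled devices hold (never sent to the server).
function periodKeyPair(masterSecret, period) {
  for (let ctr = 0; ctr < 8; ctr++) {
    const scalar = nodeCrypto.createHmac('sha256', masterSecret)
      .update(`period:${period}:${ctr}`).digest();
    const ecdh = nodeCrypto.createECDH(CURVE);
    try {
      ecdh.setPrivateKey(scalar); // throws if the scalar is not valid for the curve
      return { ecdh, publicKey: ecdh.getPublicKey() };
    } catch (e) { /* retry with the next counter */ }
  }
  throw new Error('could not derive a valid private key');
}

// Server-side lookup index: a hash of the broadcast key, so a report can be
// stored and fetched without any account or device identifier attached.
const reportIndex = (publicKey) => sha256(publicKey).toString('hex');

// Finder: knows only the broadcast public key and its own location.
function sealLocation(broadcastPub, location) {
  const eph = nodeCrypto.createECDH(CURVE);
  const ephPub = eph.generateKeys();
  const key = sha256(eph.computeSecret(broadcastPub), ephPub);
  const iv = nodeCrypto.randomBytes(12);
  const c = nodeCrypto.createCipheriv('aes-256-gcm', key, iv);
  const ct = Buffer.concat([c.update(JSON.stringify(location), 'utf8'), c.final()]);
  return { index: reportIndex(broadcastPub), ephPub, iv, ct, tag: c.getAuthTag() };
}

// Owner's other device: re-derives the period's private key and decrypts.
// A wrong secret or a wrong period fails the GCM tag check and throws.
function openLocation(masterSecret, period, report) {
  const { ecdh } = periodKeyPair(masterSecret, period);
  const key = sha256(ecdh.computeSecret(report.ephPub), report.ephPub);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', key, report.iv);
  d.setAuthTag(report.tag);
  return JSON.parse(Buffer.concat([d.update(report.ct), d.final()]).toString('utf8'));
}

// Constructed demo values.
const secret = nodeCrypto.randomBytes(32);
const beacon = periodKeyPair(secret, 42).publicKey; // what the lost device broadcasts
const stored = sealLocation(beacon, { lat: 51.5007, lon: -0.1246 }); // what the server holds
console.log(stored.index === reportIndex(periodKeyPair(secret, 42).publicKey)); // owner can look it up
console.log(openLocation(secret, 42, stored));
```

In this sketch the server stores only `stored`, which carries no account or device identifier and no decryption key; the broadcast key changes each period, so two sightings of the same device are not linkable by the bytes they contain.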

Comments:
  • by Anonymous Coward

    unlike the "do know evil" data miner in chief

    This project supposedly was one of the last ones Dr Jobs supervised prior to his untimely demise (RIP).

  • If Apple is so confident and transparent about that implementation, why won't it release source code? Their word is worth nothing at this point.

  • by Anonymous Coward

    ... apple lets me install a public key to which it'll encrypt that location data?

    That way only the person with the private key (ie me) gets to decrypt the messages, and I don't need multiple apple devices. Just my key and whatever hardware I have that on.

    • by zilym ( 3470 )

      No, no, no. That won't do at all. That would ensure that the data being encrypted is only decryptable by YOU.

      This convoluted system, of obtaining a rotating public key from some unknown (supposedly stolen) Bluetooth device nearby, allows law enforcement, NSA, Apple, or other malware running on other people's computers to command YOUR computer into uploading YOUR location and data to Apple, encrypted with THEIR key, for later retrieval and decryption by said private key holder.

      Thank you for your service.

      • This convoluted system, of obtaining a rotating public key from some unknown (supposedly stolen) Bluetooth device nearby, allows law enforcement, NSA, Apple, or other malware running on other people's computers to command YOUR computer into uploading YOUR location and data to Apple, encrypted with THEIR key, for later retrieval and decryption by said private key holder.

        Please turn your brain on before writing nonsense like that. There is no information about the sending device sent to Apple whatsoever. Just the location, which would be known anyway because it's where that Bluetooth device is. And please tell us: Why would Apple do that? What's in it for them? If they wanted to spy on you they could do that anyway without you noticing.

        • by agaku ( 2312930 )
          You do not know what exactly is sent to Apple, because it is encrypted. A National Security Letter would motivate Apple to forward the data to state agencies. Although I appreciate the work done, I do not believe that a mobile phone with a GPS sensor could be trusted with a closed-source operating system (including drivers). The same goes for the microphone and the camera. If I want to make sure that no one is eavesdropping upon me, I have to distance myself from my phone. Actually, in sensitive areas emplo
    • That way only the person with the private key (ie me) gets to decrypt the messages, and I don't need multiple apple devices. Just my key and whatever hardware I have that on.

      Hey clever boy, if you have only one Apple device and it gets lost or stolen, then _all_ your Apple devices are gone, so all your copies of the private key are gone, so you don't have the ability to find your one device at all.

      And surely the article would have mentioned that you _are_ indeed the only one in possession of the private key. You enrol a set of devices into "Find my device" using your AppleID, and all these devices share your personal private key between them. And sorry, but Apple wouldn't tr

      • by Cederic ( 9623 )

        _all_ your Apple devices are gone, so all your copies of the private key are gone

        Allow me to introduce you to an interesting concept well established in the field of data management.

        Backups.

      • by flink ( 18449 )

        Hey clever boy, if you have only one Apple device and it gets lost or stolen, then _all_ your Apple devices are gone, so all your copies of the private key are gone, so you don't have the ability to find your one device at all.

        And surely the article would have mentioned that you _are_ indeed the only one in possession of the private key. You enrol a set of devices into "Find my device" using your AppleID, and all these devices share your personal private key between them. And sorry, but Apple wouldn't trust your PC to keep a private key safe.

        Use an algorithm like scrypt to derive the private key from a password/passphrase. You enter the password once on the device when you turn Find My Device on. The key is then stored in the device's secure enclave. If the device becomes lost you can input the password into Apple's website to unlock the location information. If you don't trust Apple not to hang on to your location password, you can change it (and the key) when and if you get your device back.

        No need to have multiple Apple devices, and no n

  • First, "you've got such a nice Apple device, it'd be a shame if it was lost. You oughta buy another one so you can find the first one."

    Second, how do they protect the battery life of a device that is sending bluetooth signals and using GPS all the time?

    • The answers are simple. Bluetooth V is short range and low power (can run for a year on a coin cell, depending on some details.) GPS is not, GPS is also pretty limited due to needing a sky view. So the location is provided by the fact that it is near the receiving device which could have its location provided by its IP, GPS or cellular methods with a limited level of accuracy depending. Could be super frustrating if you get the location within 1 mile of your missing device but no better. Now we may have a
    • You don't need a 2nd Apple device. You go to iCloud.com on any device, login, and select the option to find your device.
      • by Jeremi ( 14640 )

        From the article, it sounds like your second Apple device is where the backup copies of your private keys are stored when you first set up the new Find-me system. (The private keys are apparently not stored on the cloud)

        • This functionality may certainly require a second known-device. There are lots of other functions like automatic-unlocking of your Apple laptop when your Apple Watch is near, that require a 2nd Apple device. I don't see the big deal. The current Find My iPhone (or Mac) doesn't require a 2nd device to function though.
      • If it works like other iCloud services then you
        * either need a second authorized Apple device, or
        * a secure code (Recovery Key) you can generate and store if you have only one device. (You have to do this before you lose your single device).

        Next to your regular username/password.

    • by jrumney ( 197329 )
      Thirdly, think of the message this sends to street criminals. If you want to steal iPhones, then make sure you get the MacBook as well. This will probably require the use of a knife, whether to cut the straps of the backpack, or to threaten the owner to hand it over, as laptops are generally not carried around in a manner that lets you easily snatch them from the victim's hands as you pass by.
      • by gnasher719 ( 869701 ) on Friday June 07, 2019 @04:01AM (#58723752)

        Thirdly, think of the message this sends to street criminals. If you want to steal iPhones, then make sure you get the MacBook as well. This will probably require the use of a knife, whether to cut the straps of the backpack, or to threaten the owner to hand it over, as laptops are generally not carried around in a manner that lets you easily snatch them from the victim's hands as you pass by.

        And now the criminal has moved from a grab (which is just an ordinary theft) to an armed robbery, which means ten years in jail if caught, PLUS the cops will be after you for real. If you pick my phone out of my jacket pocket, the police may not care. If you run around drawing knives on people, police _will_ care and get you.

        That's why there are no kidnappings for money in the USA, and that's why there are no bank robberies in the UK, except by rank idiots. Because these are things where police decided they _will_ get you

    • First, "you've got such a nice Apple device, it'd be a shame if it was lost. You oughta buy another one so you can find the first one." Second, how do they protect the battery life of a device that is sending bluetooth signals and using GPS all the time?

      It isn't using GPS at all. That's the whole point. All it does is send a bluetooth signal, which is the lowest of low power signals, containing a public key. It doesn't listen to any other devices when turned off. The device picking this up is the one that determines its location and sends it, and that device is turned on.

      • by Wulf2k ( 4703573 )

        What's the point of encrypting the data at all? Whatever the device sends is immaterial.

        It could send "0" and be just as effective. On Apple's side, the important bits of data are that "JDoe"'s device sent 'something' from 'this' location.

        The location and the device identifier linking to you are all that matter. The ID has to link to you effectively in plain text or they'd have no idea which packets to try decrypting with your key. And the location can't be encrypted with your key, since it's not your d

  • "It uses just tiny bits of data that piggyback on existing network traffic so there’s no need to worry about your battery life, your data usage, or your privacy."
     
    That really IS clever. They manage to transmit data that doesn't affect battery life or your data usage. They should patent that.

    • That's what SMS does with text messages. They're sent as part of a baseband signal that's already being sent by your phone. The transmission of them takes no extra data required (though there's certainly some used when you have your screen on and compose that message).
      • by AmiMoJo ( 196126 )

        That's not what Apple is doing though. They appear to be simply adding this additional data to the other stuff their devices periodically send back to the mothership (cloud data, polling for updates, iMessages etc.)

    • I don't really understand how piggybacking improves privacy.

  • by fluffernutter ( 1411889 ) on Thursday June 06, 2019 @07:01PM (#58722328)
    Don't a lot of encryption schemes use rolling keys? Don't garage door openers use rolling keys? Why is it so clever when Apple does it?
    • Pretty sure your garage door opener isn't connecting to the internet and sending your data to the cloud.
      • So transferring data to a server is the impressive part here?
        • by vux984 ( 928602 )

          "So transferring data to a server is the impressive part here?"

          No. The impressive part here is a big tech company actually deployed a find my device feature that they can't use behind your back to find you.

    • by bob4u2c ( 73467 )
      I'm guessing that it uses some form of HOTP to encode a random token based on a private key (that only your other device knows). That token is then sent via bluetooth and other devices. The other device connected to the network then sends a message back to Apple which is the encrypted gps coordinates using the bluetooth token. That all sounds good, as long as Apple doesn't have your key to generate the HOTP you're fine, Apple doesn't know who sent the message or what is in it. The problem I see is that no
    • by thegarbz ( 1787294 ) on Thursday June 06, 2019 @07:48PM (#58722500)

      If you're equating what is happening here with your garage opener then you really didn't understand what is going on.

      • No, I'm equating the part where a wireless protocol works in concert with a remote partner to encrypt/decrypt a message with a garage door opener. The rest is sending data to a server.
  • by aberglas ( 991072 ) on Thursday June 06, 2019 @07:17PM (#58722378)

    Just remove the battery. wait...

  • "In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud."

    Looks like yet another reason I'll never buy an Apple product.
    • Hmm, wonder why (Score:5, Insightful)

      by SuperKendall ( 25149 ) on Thursday June 06, 2019 @11:22PM (#58723174)

      Looks like yet another reason I'll never buy an Apple product.

      Because you hate finding things of yours that were lost or stolen, or because you hate technology generally and the cave you live in lacks sufficient recharging facilities, or because it's shutting down your thieving business something fierce?

      Honestly I think it's pretty mean of you to not want Apple users to be able to find lost or stolen devices, as every Apple device you do not buy means there's that much less of a chance for some lost iPhone to relay a location signal through you...

      This is the true decentralized network everyone always wanted the internet to be and here you are trying to stomp on it.

  • by Anonymous Coward on Thursday June 06, 2019 @07:27PM (#58722406)

    1) Prof. Matthew Green's account on the matter:

    https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/amp/

    2) Twitter thread under @radian (Ivan Krstić, Apple's Head of Security Engineering):

    https://twitter.com/radian/status/1136364459771846656

    • by AmiMoJo ( 196126 )

      There are still questions that need to be answered.

      They say it has no effect on your battery life. That seems unlikely to say the least. Your device is periodically transmitting, and constantly receiving so it can hear other people's devices' transmissions. Maybe they mean in comparison to a phone with Bluetooth turned on all the time.

      They say it doesn't affect your data plan, but they admit that it does send a small amount of data. Granted it's probably quite small... But if you are in an area where there a

  • Comment removed based on user account deletion
  • “Find My” isn’t a great name is it? "iFind" seems so obvious that it would infer that Apple has dropped the “i” naming tradition.
    I did wonder if they’ll do a Tile like product? Yes, probably something crazy which is titanium and pricey.
    However since "privacy as a service" [slashdot.org] seems to be Apple's mantra just now I don't see this as something they could do that wouldn't be abused, undermining the privacy principles they are advocating right now.
    Imagine chucking such a tile into

  • Seems like Apple went full steam ahead at exactly the direction Google feared most.

    Hands up, anyone here think that Google would ever develop something that prevents even Google getting your data?

  • Fantastic! Good for tracking spouses. Employers can now rest assured that they know where their employees are spending time.

    Person A: "Hey Joe, I was cleaning out my car last night and found your iPhone."

    Person B: "That's great Dave. Do me a favor and keep it in your glove compartment until I get a chance to pick it up. Thanks."

  • Ok, so this shiny new service requires you to own at least two Apple devices so that they can arrange exchanging a Preshared Private Key amongst themselves when setting this up.

    So what happens when you buy a third Apple device and want it to connect with the other two? How does this third new device interact with the other two to convince them that it's legitimate so that they'll cough up the Preshared Private Key?

    Then, if Apple devices can do it ... why not the NastyHackerDudes?

    • If it works anything like their other services,
      * Either the secure enclave in the hardware of the other device(s) is used as a second factor
      * You can use a generated Verification Code (generated beforehand on your single Apple device) as the second factor. This is much less convenient of course.

  • What if I only have one Apple product? Then I guess they will just "opt me out" of this privacy feature? And what if I have *two* Apple products that get stolen at the same time (e.g., backpack with iPhone and iMac)? Then they have no way to locate them, assuming they don't have an additional "backup" key on their server which completely nullifies this whole privacy scheme?
  • by Anonymous Coward

    First option: steal both the Mac and the iPad (or all the cooperating Apple devices) at the same time. Then the end user has no way to decrypt the new location of his stolen Apple hardware.

    Second option: only steal one Apple device, but immediately place it in a shielded briefcase. Take it out only in a shielded environment away from all wireless signals. Dismantle it (if possible), then steal the data from it and/or sell the parts. I also wonder if reinstalling the stolen device and jailbreaking it (if

  • So if all Apple devices are constantly even when off transmitting a signal. That spells the complete ban of Apple devices in certain environments that are RF sensitive. One that comes to mind I visited a few years ago was Arecibo in PR. It is asked that all guests turn off any transmitting devices as they have potential to interfere with any studies going on at the moment. Doesn't matter how weak the signal, even the slightest whisper of RF coming from a device anywhere near the top side of that dish is pro

    • I think this would still need to be off when in airplane mode or with the BT switched off on purpose.

      As I understand it, this is not working when devices are really physically off/unpowered.
      The article states that it works when they're "offline".
      Basically when not connected to the internet, the devices will use low power bluetooth, if it is enabled, to try and build an ad hoc network with other Apple devices that happen to be nearby and might be connected to the internet.

      And yes, large radio telescopes are
