Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

  It lets you turn someone else's device into an airtag, then track its location.
Only if you can get their device to run your code.


No, read the summary from the top comment.


Actually, very much yes. The device to be tracked needs to be exploited somehow in order to run the code to advertise its existence via BLE.

FTA's "Architecture of nRootTag":

> (1) The Trojan code runs on the computer to be tracked.


Yeah - this is really really cool, but if you have code running on the target device, why relay its location via FindMy? If you are already talking to an external server to get pre-computed keys, there are easier ways to share location than FindMy… I guess if the target device doesn’t have GPS, FindMy does get you closer than other geolocation methods.


Yes, not having GPS is one reason. The other one (less good) is that you can continue to track the device even when it has no network connection (as long as it's turned on and near an iPhone).

But there probably aren't many situations where someone has a network-enabled device turned on, disconnected from the network, but in range of at least one iPhone that has a network connection. Perhaps on a plane?


The patch for iOS is not to stopp the potential hijack via a Trojan software but to stopp the mesh of iOS devices to broadcast the find my messages around.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: