demonstration

OpenHaystack: a framework for tracking personal bluetooth devices via Apple's massive find my network

Authors:

Alexander Heinrich,

Milan Stute,

Matthias HollickAuthors Info & Claims

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

Pages 374 - 376

https://doi.org/10.1145/3448300.3468251

Published: 28 June 2021 Publication History

Get Access

Abstract

OpenHaystack is an open-source framework for locating personal Bluetooth devices using Apple's Find My Network. A user can integrate it into Bluetooth-capable devices, such as notebooks, or create custom tracking accessories that can be attached to personal items (key rings, backpacks, etc.). We provide firmware images for the Nordic nRF5 chips and the ESP32. We show that they consume little energy and run from a single coin cell for a year. Our macOS application can locate personal accessories. Finally, we make both application and firmware available on GitHub.

References

[1]

Oleg Afonin. Cloud Authentication Tokens Inside Out. ElcomSoft blog. Nov. 30, 2017. url: https://blog.elcomsoft.com/2017/11/icloud-authentication-tokens-inside-out/ (visited on 04/19/2021).

Google Scholar

[2]

Apple Inc. Entitlements - Apple Developer Documentation. url: https://developer.apple.com/documentation/bundleresources/entitlements (visited on 04/19/2021).

Google Scholar

[3]

Apple Inc. Find My Network Accessory Specification. Version Release R1. No longer publicly available. 2020. url: https://developer.apple.com/find-my/.

Google Scholar

[4]

Apple Inc. MFi Program. url: https://mfi.apple.com/ (visited on 04/19/2021).

Google Scholar

[5]

Apple Inc. Notarizing macOS Software Before Distribution - Apple Developer Documentation. url: https://developer.apple.com/documentation/xcode/notarizing_macos_software_before_distribution (visited on 04/19/2021).

Google Scholar

[6]

Apple Inc. NSDistributedNotificationCenter - Apple Developer Documentation. url: https://developer.apple.com/documentation/foundation/nsdistributednotificationcenter (visited on 04/19/2021).

Google Scholar

[7]

Alexander Heinrich, Matthias Hollick, Thomas Schneider, Milan Stute, and Christian Weinert. "PrivateDrop: Practical Privacy-Preserving Authentication for Apple AirDrop". In: USENIX Security Symposium. 2021. url: https://www.usenix.org/conference/usenixsecurity21/presentation/heinrich.

Google Scholar

[8]

Alexander Heinrich and Milan Stute. OpenHaystack Implementation. 2021. url: https://github.com/seemoo-lab/openhaystack.

Google Scholar

[9]

Alexander Heinrich, Milan Stute, Tim Kornhuber, and Matthias Hollick. "Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System". In: Proceedings on Privacy Enhancing Technologies (PoPETs) (2021).

Crossref

Google Scholar

[10]

Nordic Semiconductor. nRF52840 DK - User Guide v1.0.0. url: https://infocenter.nordicsemi.com/pdf/nRF52840_DK_User_Guide_20201203.pdf (visited on 04/19/2021).

Google Scholar

[11]

Milan Stute, Alexander Heinrich, Jannik Lorenz, and Matthias Hollick. "Disrupting Continuity of Apple's Wireless Ecosystem Security: New Tracking, DoS, and MitM Attacks on iOS and macOS Through Bluetooth Low Energy, AWDL, and Wi-Fi". In: USENIX Security Symposium. 2021. url: https://www.usenix.org/conference/usenixsecurity21/presentation/stute.

Google Scholar

[12]

Milan Stute, David Kreitschmann, and Matthias Hollick. "One Billion Apples' Secret Sauce: Recipe for the Apple Wireless Direct Link Ad hoc Protocol". In: International Conference on Mobile Computing and Networking. ACM, 2018.

Digital Library

Google Scholar

[13]

Milan Stute, David Kreitschmann, and Matthias Hollick. The Open Wireless Link Project. 2018. url: https://owlink.org.

Google Scholar

[14]

Milan Stute, Sashank Narain, Alex Mariotto, Alexander Heinrich, David Kreitschmann, Guevara Noubir, and Matthias Hollick. "A Billion Open Interfaces for Eve and Mallory: MitM, DoS, and Tracking Attacks on iOS and macOS Through Apple Wireless Direct Link". In: USENIX Security Symposium. 2019. url: https://www.usenix.org/conference/usenixsecurity19/presentation/stute.

Google Scholar

Cited By

View all

Granzow MHeinrich AHollick MZimmerling MOkoshi TKo JLiKamWa R(2024)Poster: Leveraging Apple's Find My Network for Large-Scale Distributed SensingProceedings of the 22nd Annual International Conference on Mobile Systems, Applications and Services10.1145/3643832.3661412(666-667)Online publication date: 4-Jun-2024
https://doi.org/10.1145/3643832.3661412
Farine DPenndorf JBolcato SNyaguthii BAplin L(2024)Low‐cost animal tracking using Bluetooth low energy beacons on a crowd‐sourced networkMethods in Ecology and Evolution10.1111/2041-210X.1443315:12(2247-2261)Online publication date: 23-Oct-2024
https://doi.org/10.1111/2041-210X.14433
Watson JDespres TTan APatil SDutta PPopa R(2024)Nebula: A Privacy-First Platform for Data Backhaul2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00092(3184-3202)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00092
Show More Cited By

Index Terms

OpenHaystack: a framework for tracking personal bluetooth devices via Apple's massive find my network

Recommendations

OpenHaystack Mobile - Tracking Custom Find My Accessories on Smartphones
WiSec '22: Proceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks

In 2021 OpenHaystack on macOS was the first step into liberating Apple's Find My technology to be integrated into any Bluetooth-capable device. By using custom firmware for microchips like the ESP32, it was possible to build custom trackable accessories ...
Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link
MobiCom '18: Proceedings of the 24th Annual International Conference on Mobile Computing and Networking

Apple Wireless Direct Link (AWDL) is a proprietary and undocumented wireless ad hoc protocol that Apple introduced around 2014 and which is the base for applications such as AirDrop and AirPlay. We have reverse engineered the protocol and explain its ...
Attaching InternalBlue to the proprietary macOS IOBluetooth framework
WiSec '20: Proceedings of the 13th ACM Conference on Security and Privacy in Wireless and Mobile Networks

In this demo, we provide an overview of the macOS Bluetooth stack internals and gain access to undocumented low-level interfaces. We leverage this knowledge to add macOS support to the InternalBlue firmware modification and wireless experimentation ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

WiSec '21: Proceedings of the 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

June 2021

412 pages

ISBN:9781450383493

DOI:10.1145/3448300

General Chairs:
Christina Pöpper
New York University Abu Dhabi, AE
,
Mathy Vanhoef
New York University Abu Dhabi, AE
,
Program Chairs:
Lejla Batina
Radboud University, NL
,
René Mayrhofer
Johannes Kepler University Linz, AT

Permission to make digital or hard copies of part or all of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for third-party components of this work must be honored. For all other uses, contact the Owner/Author.

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 28 June 2021

Check for updates

Author Tags

Qualifiers

Demonstration

Funding Sources

LOEWE initiative (Hesse, Germany)
Hessen State Ministry for Higher Education, Research and the Arts
German Federal Ministry of Education and Research

Conference

WiSec '21

Sponsor:

SIGSAC

WiSec '21: 14th ACM Conference on Security and Privacy in Wireless and Mobile Networks

June 28 - July 2, 2021

Abu Dhabi, United Arab Emirates

Acceptance Rates

WiSec '21 Paper Acceptance Rate 34 of 121 submissions, 28%;

Overall Acceptance Rate 98 of 338 submissions, 29%

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

7
Total Citations
View Citations
468
Total Downloads

Downloads (Last 12 months)81
Downloads (Last 6 weeks)6

Reflects downloads up to 07 Jan 2025

Other Metrics

View Author Metrics

Citations

Cited By

View all

Granzow MHeinrich AHollick MZimmerling MOkoshi TKo JLiKamWa R(2024)Poster: Leveraging Apple's Find My Network for Large-Scale Distributed SensingProceedings of the 22nd Annual International Conference on Mobile Systems, Applications and Services10.1145/3643832.3661412(666-667)Online publication date: 4-Jun-2024
https://doi.org/10.1145/3643832.3661412
Farine DPenndorf JBolcato SNyaguthii BAplin L(2024)Low‐cost animal tracking using Bluetooth low energy beacons on a crowd‐sourced networkMethods in Ecology and Evolution10.1111/2041-210X.1443315:12(2247-2261)Online publication date: 23-Oct-2024
https://doi.org/10.1111/2041-210X.14433
Watson JDespres TTan APatil SDutta PPopa R(2024)Nebula: A Privacy-First Platform for Data Backhaul2024 IEEE Symposium on Security and Privacy (SP)10.1109/SP54263.2024.00092(3184-3202)Online publication date: 19-May-2024
https://doi.org/10.1109/SP54263.2024.00092
Chidziwisano GJalakasi M(2023)Understanding Women's Perspectives on Smart Home Security Systems in Patriarchal Societies of Malawi.Proceedings of the 2023 ACM Designing Interactive Systems Conference10.1145/3563657.3595971(1078-1092)Online publication date: 10-Jul-2023
https://dl.acm.org/doi/10.1145/3563657.3595971
Müller KBienz LRodrigues BFeng CStiller B(2023)HomeScout: Anti-Stalking Mobile App for Bluetooth Low Energy Devices2023 IEEE 48th Conference on Local Computer Networks (LCN)10.1109/LCN58197.2023.10223406(1-9)Online publication date: 2-Oct-2023
https://doi.org/10.1109/LCN58197.2023.10223406
Burg LGranzow MHeinrich AHollick MJadliwala MKim YDmitrienko A(2022)OpenHaystack Mobile - Tracking Custom Find My Accessories on SmartphonesProceedings of the 15th ACM Conference on Security and Privacy in Wireless and Mobile Networks10.1145/3507657.3529655(277-279)Online publication date: 16-May-2022
https://dl.acm.org/doi/10.1145/3507657.3529655
Roth TFreyer FHollick MClassen J(2022)AirTag of the Clones: Shenanigans with Liberated Item Finders2022 IEEE Security and Privacy Workshops (SPW)10.1109/SPW54247.2022.9833881(301-311)Online publication date: May-2022
https://doi.org/10.1109/SPW54247.2022.9833881

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Cited By

Index Terms

Recommendations

OpenHaystack Mobile - Tracking Custom Find My Accessories on Smartphones

Linux Goes Apple Picking: Cross-Platform Ad hoc Communication with Apple Wireless Direct Link

Attaching InternalBlue to the proprietary macOS IOBluetooth framework