Who Can Find My Devices? Security and Privacy of Apple's Crowd-Sourced Bluetooth Location Tracking System

by   Alexander Heinrich, et al.

Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world's largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user's top locations with an error in the order of 10 meters in urban areas. While we find that OF's design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.


page 9

page 19


Privacy Analysis of Samsung's Crowd-Sourced Bluetooth Location Tracking System

We present a detailed privacy analysis of Samsung's Offline Finding (OF)...

Toward a Secure Crowdsourced Location Tracking System

Low-energy Bluetooth devices have become ubiquitous and widely used for ...

Handoff All Your Privacy: A Review of Apple's Bluetooth Low Energy Implementation

In recent versions of iOS, Apple has incorporated new wireless protocols...

Estimating indoor crowd density and movement behavior using WiFi Sensing

The fact that almost every person owns a smartphone device that can be p...

WhoTracks.Me: Monitoring the online tracking landscape at scale

We present the largest and longest measurement of online tracking to dat...

Forensic Analysis of Third Party Location Applications in Android and iOS

Location sharing applications are becoming increasingly common. These ap...

Lisbon Hotspots: Wi-Fi access point dataset for time-bound location proofs

Wi-Fi hotspots are a valuable resource for people on the go, especially ...

Please sign up or login with your details

Forgot password? Click here to reset