Abusing Apple's 'Find My' Location Network Leads To Stealing Keylogged Passwords

Apple's "Find My" network, initially designed to help users locate lost Apple devices, can be exploited by malicious actors to discreetly transmit sensitive information captured by keyloggers in keyboards. This potential abuse was discovered by Positive Security researchers, Fabian Bräunlein and team, over two years ago, prompting Apple to address the issue. The Find My network utilizes GPS and Bluetooth data from Apple devices worldwide to locate lost or stolen items, even if they are offline. Lost devices emit Bluetooth signals, which nearby Apple devices anonymously relay to the owner via the Find My network. The researchers have shared their 'Send My' implementation on GitHub, allowing others to leverage it for uploading and retrieving arbitrary data on Apple's Find My network from any internet-enabled device worldwide. Read more...