Send My: Arbitrary data transmission via Apple's Find My net

Send My: Arbitrary data transmission via Apple's Find My network


broadcasts to nearby Apple devices that then
upload the data for you
We released an
macOS application to retrieve, decode and display the uploaded data: https://github.com/positive-security/send-my
Being inherent to the privacy and security-focused design of the Find My Offline Finding system, it seems
unlikely that this misuse can be prevented completely
Introduction
With the recent release of Apple's AirTags, I was curious whether Find My's Offline Finding network could be (ab)used to upload arbitrary data to the Internet, from devices that are not connected to WiFi or mobile internet. The data would be broadcasted via Bluetooth Low Energy and picked up by nearby Apple devices, that, once they are connected to the Internet, forward the data to Apple servers where it could later be retrieved from. Such a technique could be employed by small sensors in uncontrolled environments to avoid the cost and power-consumption of mobile internet. It could also be interesting for exfiltrating data from Faraday-shielded sites that are occasionally visited by iPhone users.

Related Keywords

, Bluetooth Low Energy , Find My Offline Finding , Offline Finding , Apple Device , Elliptic Curve , Owner Device , Apple Devices , Elliptic Curve Public , புளூடூத் குறைந்த ஆற்றல் , ஆஃப்லைனில் கண்டுபிடிப்பது , ஆப்பிள் சாதனம் , ஆப்பிள் சாதனங்கள் ,

© 2025 Vimarsana