Stories
Slash Boxes
Comments

SoylentNews is people

posted by Fnord666 on Monday June 10 2019, @11:48AM   Printer-friendly
from the we'll-see dept.

Submitted via IRC for SoyCow4463

The clever cryptography behind Apple's "Find My" feature

When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. But while security experts immediately wondered whether Find My would also offer a new opportunity to track unwitting users, Apple says it built the feature on a unique encryption system carefully designed to prevent exactly that sort of tracking—even by Apple itself.

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.

"Now what's amazing is that this whole interaction is end-to-end encrypted and anonymous," Federighi said at the WWDC keynote. "It uses just tiny bits of data that piggyback on existing network traffic so there's no need to worry about your battery life, your data usage, or your privacy."

[...] That system would obviate the threat of marketers or other snoops tracking Apple device Bluetooth signals, allowing them to build their own histories of every user's location. "If Apple did things right, and there are a lot of ifs here, it sounds like this could be done in a private way," says Matthew Green, a cryptographer at Johns Hopkins University. "Even if I tracked you walking around, I wouldn't be able to recognize you were the same person from one hour to the next."

In fact, Find My's cryptography goes one step further than that, denying even Apple itself the ability to learn a user's locations based on their Bluetooth beacons. That would represent a privacy improvement over Apple's older tools like Find My iPhone and Find Friends, which don't offer such safeguards against Apple learning your location.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by pkrasimirov on Tuesday June 11 2019, @01:27PM (1 child)

    by pkrasimirov (3358) Subscriber Badge on Tuesday June 11 2019, @01:27PM (#854189)

    > it just sends the key to Apple
    There we go.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by pipedwho on Tuesday June 11 2019, @07:21PM

    by pipedwho (2032) on Tuesday June 11 2019, @07:21PM (#854325)

    When you request the current location. That doesn’t mean the payload is exposed as it can be decrypted on your local devices based on the same HSM derived keys that the rest of iCloud uses along with your locally used password that is never sent to Apple. So you could theoretically remain untracked even during the short time frame after activating the ‘find my’ feature. Obviously Apple could track you in some other way, but not via this method.