• Follow us

Gadgets

The clever cryptography behind Apple’s “Find My” feature

The 2018 15-inch Apple MacBook Pro with Touch Bar.Enlarge / The 2018 15-inch Apple MacBook Pro with Touch Bar.Samuel Axon

When Apple executive Craig Federighi described a new location-tracking feature for Apple devices at the company's Worldwide Developer Conference keynote on Monday, it sounded—to the sufficiently paranoid, at least—like both a physical security innovation and a potential privacy disaster. But while security experts immediately wondered whether Find My would also offer a new opportunity to track unwitting users, Apple says it built the feature on a unique encryption system carefully designed to prevent exactly that sort of tracking—even by Apple itself.

In upcoming versions of iOS and macOS, the new Find My feature will broadcast Bluetooth signals from Apple devices even when they're offline, allowing nearby Apple devices to relay their location to the cloud. That should help you locate your stolen laptop even when it's sleeping in a thief's bag. And it turns out that Apple's elaborate encryption scheme is also designed not only to prevent interlopers from identifying or tracking an iDevice from its Bluetooth signal, but also to keep Apple itself from learning device locations, even as it allows you to pinpoint yours.

"Now what’s amazing is that this whole interaction is end-to-end encrypted and anonymous," Federighi said at the WWDC keynote. "It uses just tiny bits of data that piggyback on existing network traffic so there’s no need to worry about your battery life, your data usage, or your privacy."

In a background phone call with WIRED following its keynote, Apple broke down that privacy element, explaining how its "encrypted and anonymous" system avoids leaking your location data willy nilly, even as your devices broadcast a Bluetooth signal explicitly designed to let you track your device. The solution to that paradox, it turns out, is a trick that requires you to own at least two Apple devices. Each one emits a constantly changing key that nearby Apple devices use to encrypt and upload your geolocation data, such that only the other Apple device you own possesses the key to decrypt those locations.

That system would obviate the threat of marketers or other snoops tracking Apple device Bluetooth signals, allowing them to build their own histories of every user's location. "If Apple did things right, and there are a lot of ifs here, it sounds like this could be done in a private way," says Matthew Green, a cryptographer at Johns Hopkins University. "Even if I tracked you walking around, I wouldn’t be able to recognize you were the same person from one hour to the next."

In fact, Find My's cryptography goes one step further than that, denying even Apple itself the ability to learn a user's locations based on their Bluetooth beacons. That would represent a privacy improvement over Apple's older tools like Find My iPhone and Find Friends, which don't offer such safeguards against Apple learning your location.

Here's how the new system works, as Apple describes it, step by step:

When you first set up Find My on your Apple devices—and Apple confirmed you do need at least two devices for this feature to work—it generates an unguessable private key that's shared on all those devices via end-to-end encrypted communication so that only those machines possess the key. Each device also generates a public key. As in other public key encryption setups, this public key can be used to encrypt data such that no one can decrypt it without the corresponding private key, in this case the one stored on all your Apple devices. This is the "beacon" that your devices will broadcast out via Bluetooth to nearby devices. That public key frequently changes, "rotating" periodically to a new number. Thanks to some mathematical magic, that new number doesn't correlate with previous versions of the public key, but it still retains its ability to encrypt data such that only your devices can decrypt it. Apple refused to say just how often the key rotates. But every time it does, the change makes it that much harder for anyone to use your Bluetooth beacons to track your movements. Say someone steals your MacBook. Even if the thief carries it around closed and disconnected from the internet, your laptop will emit its rotating public key via Bluetooth. A nearby stranger's iPhone, with no interaction from its owner, will pick up the signal, check its own location, and encrypt that location data using the public key it picked up from the laptop. The public key doesn't contain any identifying information, and since it frequently rotates, the stranger's iPhone can't link the laptop to its prior locations, either. The stranger's iPhone then uploads two things to Apple's server: the encrypted location, and a hash of the laptop's public key, which will serve as an identifier. Since Apple doesn't have the private key, it can't decrypt the location. When you want to find your stolen laptop, you turn to your second Apple device—let's say an iPad—which contains both the same private key as the laptop and has generated the same series of rotating public keys. When you tap a button to find your laptop, the iPad uploads the same hash of the public key to Apple as an identifier so that Apple can search through its millions upon millions of stored encrypted locations and find the matching hash. One complicating factor is that iPad's hash of the public key won't be the same as the one from your stolen laptop, since the public key has likely rotated many times since the stranger's iPhone picked it up. Apple didn't quite explain how this works. But Johns Hopkins' Green points out that the iPad could upload a series of hashes of all its previous public keys so that Apple could sort through them to pull out the previous location where the laptop was spotted. Apple returns the encrypted location of the laptop to your iPad, which can use its private key to decrypt it and tell you the laptop's last known location. Meanwhile, Apple has never seen the decrypted location, and since hashing functions are designed to be irreversible, it can't even use the hashed public keys to collect any information about where the device has been.

As staggeringly complex as that might sound, Apple warns that it's still a somewhat simplified version of the Find My protocol, and that the system is still subject to change before it's actually released in MacOS Catalina and iOS 13 later this year. The true security of the system will depend on the details of its implementation, warns Johns Hopkins' Green. But he also says that if it works as Apple described to Wired, it might indeed offer all the privacy guarantees Apple has promised.

"I give them nine out of 10 chance of getting it right," Green says. "I have not seen anyone actually deploy anything like this to a billion people. The actual techniques are pretty well known in the scientific sense. But actually implementing this will be pretty impressive."

This story originally appeared on wired.com.

Read More



Leave A Comment

More News

Digital Trends

The best movies on Amazon Prime Video right 2019-07-03 13:09:11Amazon Prime Video provides subscribers with access to a host of fantastic films, but sorting through the catalog can be a major undertaking. Luckily,

Porsche Taycan battery pack has foot garages to 2019-07-03 12:59:11The Porsche Taycan electric car has indentations in its battery pack called foot garages. They're designed to move rear-seat passengers closer to the

The best Nintendo Switch exclusives 2019-07-03 12:56:16Who doesn't love a good Nintendo game? If you're looking for great first-party titles for your Nintendo Switch, take a look at our list of the very

The best Xbox One exclusives you can get 2019-07-03 12:45:05Xbox One has a prestigious collection of handpicked titles that you can't play on other consoles. Here are the latest and greatest Xbox One exclusive

It’s not just you: Facebook, Instagram, and WhatsApp 2019-07-03 12:42:00It's not just you: Facebook, Instagram, and WhatsApp users have been reporting outages and problems with images since around 5:45 a.m. PT on Wednesda

Amazon drops $50 off of August smart lock 2019-07-03 12:39:06Smart locks are much more to difficult to tamper with compared to a set of keys that are easily duplicated. Take advantage of Amazon's deal on the Au

The best indie games on Nintendo Switch 2019-07-03 12:33:00The Nintendo Switch's portability makes indies feel at home on the platform. Luckily, there are plenty of great titles to choose from. Here are our p

Best Buy’s refurbished Apple Watch Series 4 GPS+Cellular 2019-07-03 12:26:50On Digital Trends' deals page we frequently post new deals on the Apple Watch. However, the current deal on a refurbished 40mm Gold Aluminum Case wit

Amazon offers $80 off the Apple Watch Series 2019-07-03 12:20:58From notifying you of your social media updates to tracking your outdoor activities, the Apple Watch Series 3 makes an ideal everyday companion. Get t

This electric mini McLaren will ensure your kid 2019-07-03 12:20:45McLaren is returning to the kiddy car segment with an electric, scaled-down version of the 720S. Developed for toddlers, the Ride-On toy is powered by

Apple secretly adds AR-powered FaceTime eye correction in 2019-07-03 11:56:38FaceTime is brilliant -- but because of the position of the camera, it's impossible to make conversations seem natural. The latest version of the iOS

Neuroscientists discover the part of the brain behind 2019-07-03 11:21:39Want to know why you're creeped out by CGI humans? Neuroscientists and psychologists have identified the exact part of the brain in which the 'uncan

Engadget RSS Feed

Good luck sliding into anyone's Twitter DMs right 2019-07-03 14:02:00Facebook isn't the only internet behemoth suffering from serious downtime. As of mid-day on July 3rd, Twitter is experiencing "some issues" with d

Mobile game streaming service Hatch is available in 2019-07-03 13:03:00When it comes to game streaming, it's not just the likes of Microsoft, Google and Sony who are trying to capture players' attention. There's a mobi

Blipblox is a synth made for kids that 2019-07-03 12:30:00 Blipblox is a synthesizer designed for children. The company behind it, Playtime Engineering, even calls it a toy. And it certainly looks lik

Canon is crowdfunding a tiny, rugged clip-on camera 2019-07-03 11:52:00Canon may be late to the clippable camera party, but it's still convinced it can bring something new to the table. The company is preparing a crowdf

Facebook, Instagram and WhatsApp are struggling to stay 2019-07-03 11:23:00Facebook, Instagram and WhatsApp are experiencing outages this morning. Downdetector maps show the services are struggling around the globe, but the i

Netflix creates UK production hub at Disney's preferred 2019-07-03 11:04:00Netflix is setting up another big production hub, and this one is steeped in cinematic history. The streaming giant is establishing a 14-stage UK ope

D-Link agrees to 10-year security assessment to settle 2019-07-03 10:23:00D-Link has settled a two-year-old lawsuit filed by the FTC over its products' insufficient security, and it has agreed to a few conditions to put the

Sony's 230-Walkman exhibit celebrates 40 years of a 2019-07-03 10:00:00To celebrate the 40th anniversary of the first Walkman sold (the TPS-L2, naturally), Sony is showing off the history of the portable music player in c

Waymo will test its self-driving taxis on employees 2019-07-03 09:39:00Self-driving venture Waymo has been given permission by California authorities to transport people in its robotaxis. According to TechCrunch, the Cali

Amazon keeps Alexa transcripts unless you manually delete 2019-07-03 09:21:00Back in May, Amazon introduced a new Alexa feature that makes it easy to delete your voice history -- apparently, that could be pretty handy if you do

The best games for Nintendo Switch 2019-07-03 09:00:00Nintendo's Switch is on a roll. The youngest of the games consoles is punching above its weight with a mix of core Nintendo games that have pushed ic

The Morning After: Windows 1.0 is back and 2019-07-03 08:45:00Hey, good morning! You look fabulous. Yesterday's Orion test went off without a hitch, and we're sure that Samsung is hoping its Galaxy Fold can ev

WIRED

Mapping Apps for Camping and Hiking: AllTrails, Gaia, 2019-07-03 09:00:00Don't lose yourself out there. Download one of these trail mapping apps to make sure you can always find your way, whether you have cell service or n

REI 4th of July Sale: 13 Summer Outdoors 2019-07-03 08:00:00If you need a water bottle, tent, or a really cool hoodie, it's all on sale at REI's 4th of July Sale on outdoor apparel, accessories, and gear.

Caroline Criado Perez Explains the 'Gender Data Gap' 2019-07-02 13:54:57In this WIRED Q&A, author Caroline Criado Perez explains how elements of the modern world were designed more for men than women.

How to Take Photos of Fireworks With Your 2019-07-02 09:00:00Use these battle-tested tips and camera settings to capture dramatic photos of those explosions in the sky.

Microsoft’s Ebook Apocalypse, Facebook Drug Ads, and More 2019-07-01 18:22:00Catch up on the most important news from today in two minutes or less.

Why You Still Can’t Buy Fireworks on Amazon 2019-07-01 16:36:00The “everything store” might not cover all your Fourth of July celebration needs.

Fujifilm Instax Mini LiPlay Review: A Cam and 2019-07-01 08:00:00Fujifilm's latest instant camera offers the best of both Instax worlds: It's an instant camera and printer in one.

The Second Coming of the Robot Pet 2019-07-01 07:00:00Man's best friend isn't a dog—it's a doglike robot, designed to perform tricks and tug at your heartstrings.

From Cameras to Kayaks, All the Stuff We 2019-06-30 10:00:00Plus: The all-new Mac Pro, Instant Pot's ace blender, and even a bidet.

Microsoft's Ebook Apocalypse Shows the Dark Side of 2019-06-30 07:00:00Microsoft has closed its ebook store—and will soon make its customers' libraries disappear along with it.

How the iPhone Helped Save the Planet 2019-06-29 07:00:00Over the last 12 years, smartphones have helped dematerialize our consumption of countless other products.

All ThinkGeek Items Are 75% Off, Google Speakers 2019-06-29 07:00:00From a wood burning stove to the Bob Ross blanket, we scoured the web for the best deals this weekend.

Ars Technica » Gear

The Galaxy Note 10 launches August 7 2019-07-01 21:00:26Samsung's next big phone launch happens next month.

Report describing Jony Ive’s Apple exit gains a 2019-07-01 19:07:20The report claimed Ive was frustrated with the company's leadership.

PlayStation Vue applies a $5-a-month increase to all 2019-07-01 17:41:33The stage is set for messiness as more channels launch streaming options.

Samsung CEO calls Galaxy Fold launch failure “embarrassing” 2019-07-01 15:28:19"I pushed it through before it was ready," CEO says of the Galaxy Fold.

Catalyst deep dive: The future of Mac software 2019-07-01 07:30:51The people already using Catalyst tell Ars what Mac users and devs should expect.

Jony Ive will depart Apple to start his 2019-06-27 17:34:54Apple will be one of his new business' key clients, however.

Gmail’s API lockdown will kill some third-party app 2019-06-27 12:49:17Google emails users: "the following apps may no longer be able to access your data."

WireGuard on Windows early preview 2019-06-27 12:17:34WireGuard for Windows is still in pre-alpha, but it's looking very good.

Apple bolsters its chip team by hiring architect 2019-06-26 18:57:03The CPU-for-Macs rumor is bound to resurface, but nothing’s for sure still.

Oppo’s first under-display camera demo looks decidedly first-generation 2019-06-26 13:25:17Taking a picture through a display requires a "redesigned pixel structure."

Microsoft OneDrive gets a more secure Personal Vault, 2019-06-25 18:37:21Microsoft is adding a protected section to its cloud storage.

Apple updates Pages, Keynote, and Numbers with new 2019-06-25 17:09:02Face detection will now be used to intelligently position subjects in photos.

TechCrunch » Gadgets

Team studies drone strikes on airplanes by firing 2019-07-01 17:52:58Bird strikes are a very real danger to planes in flight, and consequently aircraft are required to undergo bird strike testing — but what about

Startups at the speed of light: Lidar CEOs 2019-06-29 11:41:04As autonomous cars and robots loom over the landscapes of cities and jobs alike, the technologies that empower them are forming sub-industries of thei

Apple’s Sidecar just really *gets* me, you know? 2019-06-28 09:40:24With the rollout of Apple’s public beta software previews of macOS and the new iPadOS, I’ve finally been able to experience first-hand Sid

Police body-cam maker Axon says no to facial 2019-06-27 18:01:35Facial recognition is a controversial enough topic without bringing in everyday policing and the body cameras many (but not enough) officers wear thes

NASA’s Dragonfly will fly across the surface of 2019-06-27 17:20:37NASA has just announced its next big interplanetary mission: Dragonfly, which will deliver a Mars Rover-sized flying vehicle to the surface of Titan,

Tiny Robobee X-Wing powers its flight with light 2019-06-27 14:52:26We've seen Harvard's Robobee flying robot evolve for years: After first learning to fly, it learned to swim in 2015, then to jump out of the water a

Oppo shows first under-screen camera in bid to 2019-06-26 13:32:33Ever since the notch was first added to smartphones, everyone in the world except the deeply deluded and my editor have wished it gone. Oppo has done

This robot crawls along wind turbine blades looking 2019-06-24 16:17:51Wind turbines are a great source of clean power, but their apparent simplicity — just a big thing that spins — belie complex systems that

Apple just released the first iOS and iPadOS 2019-06-24 13:46:15This is your opportunity to get a glimpse of the future of iOS — and iPadOS. Apple just released the first public beta of iOS 13 and iPadOS

The Raspberry Pi Foundation unveils the Raspberry Pi 2019-06-24 02:01:51The Raspberry Pi 4 is here — and it’s an awesome upgrade. Earlier rumors said that it would take a while before a major Raspberry Pi upgra

Crowdfunded spacecraft LightSail 2 prepares to go sailing 2019-06-21 13:47:30Among the many spacecraft and satellites ascending to space on Monday's Falcon Heavy launch, the Planetary Society's LightSail 2 may be the most int

Hasselblad’s new medium format camera is a tiny, 2019-06-20 15:25:10While mirrorless cameras accelerate into the future, medium format models are hearkening unto the past — and Hasselblad chief among them. Its ne


Disclaimer and Notice:WorldProNews.com is not responsible of these news or any information published on this website.