Security researchers at George Mason University have uncovered a concerning vulnerability that allows hackers to track nearly any Bluetooth device through Apple's Find My network. The hack, named nRootTag, can transform ordinary Bluetooth devices into tracking beacons without users' knowledge.
The research team developed sophisticated methods to bypass the security measures Apple uses to protect AirTags from being compromised. Their technique, which has a 90% success rate, works across multiple platforms including Android, Windows, and Linux devices, as well as smart TVs and VR headsets.
What makes this discovery particularly alarming is that the hack can be executed remotely without requiring administrator access to the target device. However, executing the attack requires substantial computing resources - the researchers needed hundreds of graphics processing units (GPUs) typically used for AI development and cryptocurrency mining.
Apple addressed the security concern after the researchers reported it in June 2024. The company released a fix through the Find My network update on December 11, 2024. Apple clarified that the vulnerability affects Android, Windows, and Linux devices rather than being a flaw in AirTags or other Apple products specifically.
While the extensive computing power required makes widespread attacks unlikely, users should remain vigilant about unexpected Bluetooth connection requests. Regular system updates and app patches provide the best protection against such security threats.
Users can monitor connected Bluetooth devices through their device settings and should promptly install security updates released by manufacturers. The discovery serves as a reminder of the growing sophistication of tracking techniques and the importance of maintaining device security.