Hacker News
by londons_explore 1883 days ago
How exactly can stalking protection work with Apple's claim that the system doesn't provide any outsider, or Apple themselves, the ability to track your AirTag?

Surely stalking protection is doing exactly that? Couldn't I take a modded/hacked iPhone and track somebody else's tag all day long from near the edge of UWB range?

Apple's original paper [1] said the signals emitted contained no unique/trackable identifier except to the key-holder, who could link together all the rolling keys. Yet that can never offer this stalking protection feature.

Have Apple dropped the privacy protections they had in mind to enable this anti-stalker feature?

[1]: https://www.wired.com/story/apple-find-my-cryptography-bluet...

2 comments

Nearly zero knowledge of the AirTag protocol, but something like this would allow tracking a stalking tag without giving a trackable identifier.

• An AirTag which is seeing an owning device might only be reporting its presence to that device. We can ignore those. (I'm guessing AirTags listen in some limited way, this still works if they don't, it just is always in the separated state.)

• An AirTag which is separated from its owning device will be broadcasting a public key in an "I'm separated" message.

This public key is rotated periodically, but is used for a while. When my phone sees an "I'm separated" message it will send a hash of the public key and a location (encrypted with that key) to Apple central.

If I'm in motion, and continue to see the same public key crying out that it is separated, then it is traveling with me.

Of course everything is way more complicated…

• It probably doesn't just switch to a new public key and stop using the old one, that would let you correlate them, so there is probably some period of overlap to complicate that.

• How to decide when to tell the user about the tag is a complicated problem. If I'm on a train traveling with a tag I don't recognize, I probably don't care. If I change train cars (I'm still in motion, but 98% of the tags around me changed) I might care. If I am walking after getting off the train and most of the other tags are gone, except this one, I might care. If it's still with me when I get home, I care.
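The reporting step sketched above (a finder uploads a hash of the beacon's rolling public key plus its own location encrypted to that key, and only the holder of the key sequence can match and decrypt the reports) can be made concrete. The following is an added example, not code from the thread and not Apple's protocol or wire format: it assumes X25519 for the rolling keys, SHA-256 of the public key as the report index, a SHA-256 "KDF" over the ECDH shared secret, AES-GCM for the location, and a master secret from which the owner regenerates key i; the names (tagKey, FinderReport, OwnerLookup) and the master secret and location are constructed for the illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"encoding/binary"
	"encoding/hex"
	"errors"
	"fmt"
)

// Report is what a finder's phone uploads for one "I'm separated" beacon.
// Constructed model of the commenter's sketch, not Apple's format.
type Report struct {
	Index  string // hex SHA-256 of the rolling public key
	EphPub []byte // finder's one-time X25519 public key
	Nonce  []byte
	Box    []byte // AES-GCM ciphertext of the finder's location
}

// tagKey derives rolling key pair i from the owner's master secret (assumed
// derivation). Only the owner can regenerate the sequence; a finder sees keys
// that look unrelated to each other.
func tagKey(master []byte, i uint32) (*ecdh.PrivateKey, error) {
	var ctr [4]byte
	binary.BigEndian.PutUint32(ctr[:], i)
	seed := sha256.Sum256(append(append([]byte{}, master...), ctr[:]...))
	return ecdh.X25519().NewPrivateKey(seed[:])
}

// index is the hash the finder uploads instead of the key itself.
func index(pub *ecdh.PublicKey) string {
	h := sha256.Sum256(pub.Bytes())
	return hex.EncodeToString(h[:])
}

// gcmFor turns the ECDH shared secret into an AEAD (toy KDF: a single hash).
func gcmFor(shared []byte) (cipher.AEAD, error) {
	k := sha256.Sum256(shared)
	block, err := aes.NewCipher(k[:])
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// FinderReport runs on a bystander's phone. It only ever sees one rolling key,
// never learns the owner, and cannot open what it encrypts.
func FinderReport(beaconPub []byte, location string) (Report, error) {
	curve := ecdh.X25519()
	pub, err := curve.NewPublicKey(beaconPub)
	if err != nil {
		return Report{}, err
	}
	eph, err := curve.GenerateKey(rand.Reader)
	if err != nil {
		return Report{}, err
	}
	shared, err := eph.ECDH(pub)
	if err != nil {
		return Report{}, err
	}
	aead, err := gcmFor(shared)
	if err != nil {
		return Report{}, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Report{}, err
	}
	return Report{Index: index(pub), EphPub: eph.PublicKey().Bytes(), Nonce: nonce,
		Box: aead.Seal(nil, nonce, []byte(location), nil)}, nil
}

// OwnerLookup regenerates keys 0..n-1, computes their indexes, fetches the
// matching report and decrypts it. Without `master` none of this is possible.
func OwnerLookup(master []byte, n uint32, reports []Report) (string, error) {
	byIndex := map[string]Report{}
	for _, r := range reports {
		byIndex[r.Index] = r
	}
	for i := uint32(0); i < n; i++ {
		priv, err := tagKey(master, i)
		if err != nil {
			return "", err
		}
		r, ok := byIndex[index(priv.PublicKey())]
		if !ok {
			continue
		}
		eph, err := ecdh.X25519().NewPublicKey(r.EphPub)
		if err != nil {
			return "", err
		}
		shared, err := priv.ECDH(eph)
		if err != nil {
			return "", err
		}
		aead, err := gcmFor(shared)
		if err != nil {
			return "", err
		}
		loc, err := aead.Open(nil, r.Nonce, r.Box, nil)
		if err != nil {
			return "", err
		}
		return string(loc), nil
	}
	return "", errors.New("no report matches any of the owner's keys")
}

func main() {
	master := []byte("owner-master-secret-demo") // constructed
	priv, _ := tagKey(master, 7)                 // the tag is on its 8th rolling key
	r, _ := FinderReport(priv.PublicKey().Bytes(), "51.5007,-0.1246") // constructed location
	fmt.Println(OwnerLookup(master, 16, []Report{r}))
}
```

The point of the shape is that the server and every finder only ever handle index values that change with each key rotation; linking two of them requires the master secret, which is exactly the "key-holder" property the original post quotes.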

I think an important part you might've missed is that the tag has to be away from its owner to be considered stalking you. If two strangers ride a train together, their AirTags won't be considered stalking each other.
That is the test in the first two bullet points. If the AirTags don't listen then you'd have to add an "I am responsible for that AirTag" broadcast message from the responsible device. But I kind of suspect they do listen, if only for a short period after a beacon message. They need to get their public keys from somewhere.
> The random ID has a fixed suffix in the spec, so you can infer that it’s the same AirTag if you see the same suffix across multiple rotations.

So if that suffix is 8 or more bits, as soon as you have an AirTag on your keys, wallet, and bag, you've become a nice, easy-to-track person.

If the suffix is less than 8 bits, then the 200 AirTags around me in a classroom setting will always be falsely setting off the alert - at least one of those 256 possible suffixes will remain always in use for hours with every rotation.

Privacy 100% broken. Great.

just spitballing here...

> So if that suffix is 8 or more bits, as soon as you have an AirTag on your keys, wallet, and bag, you've become a nice, easy-to-track person.

This can be easily solved by disabling the fixed bits if an "owned" device (e.g. your iPhone) is present. It prevents the anti-stalking feature from being used, but presumably if you can get a phone to follow the person you can probably get a GPS tracker to follow the person as well, so that's not really a security risk.

> If the suffix is less than 8 bits, then the 200 AirTags around me in a classroom setting will always be falsely setting off the alert - at least one of those 256 possible suffixes will remain always in use for hours with every rotation.

The phone can take the number of AirTags that it sees into account. If it saw an AirTag with the same suffix for the last 3 hours, but during that time it also saw 300 AirTags, it's probably a false alarm. But if it only saw 10 AirTags then that might warrant a warning.
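Two comments above describe the finder-side heuristics in prose: a tag is suspicious when it is present in every recent scan while the rest of the crowd turns over (the "changed train cars" case), and the phone should discount persistence when it has seen a large population of tags over the same period. The following is an added example, not code from the thread and not Apple's detection logic, that implements both rules over constructed scan windows; the thresholds (four consecutive windows, 90% churn of the other keys, a crowd of at most 150 distinct keys) and the names Scan, Detect and TrainScenario are assumptions chosen for the illustration.

```go
package main

import (
	"fmt"
	"sort"
)

// Scan is one BLE scan window on the finder's phone: the set of separated-beacon
// key hashes seen during that window. Constructed model, not a real scan format.
type Scan struct {
	Window int
	Seen   map[string]bool
}

// Alert names a key that stayed with the phone while the crowd around it turned over.
type Alert struct {
	Key     string
	Windows int     // consecutive windows the key was present
	Churn   float64 // fraction of the other keys from the first window gone by the last
	Crowd   int     // distinct keys seen across the whole span
}

// NewScan builds one window from a list of key hashes (constructed input).
func NewScan(w int, keys ...string) Scan {
	s := Scan{Window: w, Seen: map[string]bool{}}
	for _, k := range keys {
		s.Seen[k] = true
	}
	return s
}

// Detect looks at the last n windows and reports keys that
//  1. were present in every one of them (they moved with the phone),
//  2. while at least minChurn of the *other* keys from the first window had
//     vanished by the last (the phone changed environment), and
//  3. the crowd over the span was no larger than maxCrowd (in a 300-tag crowd
//     one persistent key is not unusual enough to page the user).
func Detect(scans []Scan, n int, minChurn float64, maxCrowd int) []Alert {
	if n < 2 || len(scans) < n {
		return nil
	}
	recent := scans[len(scans)-n:]
	first, last := recent[0], recent[n-1]

	crowd := map[string]bool{}
	for _, s := range recent {
		for k := range s.Seen {
			crowd[k] = true
		}
	}

	var persistent []string
	for k := range first.Seen {
		everywhere := true
		for _, s := range recent[1:] {
			if !s.Seen[k] {
				everywhere = false
				break
			}
		}
		if everywhere {
			persistent = append(persistent, k)
		}
	}
	sort.Strings(persistent) // deterministic output

	var alerts []Alert
	for _, k := range persistent {
		others, gone := 0, 0
		for o := range first.Seen {
			if o == k {
				continue
			}
			others++
			if !last.Seen[o] {
				gone++
			}
		}
		churn := 1.0 // a key alone with you has no crowd to hide in
		if others > 0 {
			churn = float64(gone) / float64(others)
		}
		if churn >= minChurn && len(crowd) <= maxCrowd {
			alerts = append(alerts, Alert{Key: k, Windows: n, Churn: churn, Crowd: len(crowd)})
		}
	}
	return alerts
}

// keys returns n distinct constructed key hashes with the given prefix.
func keys(prefix string, n int) []string {
	out := make([]string, n)
	for i := range out {
		out[i] = fmt.Sprintf("%s%03d", prefix, i)
	}
	return out
}

// TrainScenario: three windows in one car (50 bystander tags plus T), then three
// windows in the next car where 49 new tags replace them and only T remains.
func TrainScenario() []Scan {
	car1 := append(keys("car1-", 50), "T")
	car2 := append(keys("car2-", 49), "T")
	var scans []Scan
	for w := 0; w < 3; w++ {
		scans = append(scans, NewScan(w, car1...))
	}
	for w := 3; w < 6; w++ {
		scans = append(scans, NewScan(w, car2...))
	}
	return scans
}

func main() {
	s := TrainScenario()
	fmt.Println("same car:   ", Detect(s[:3], 3, 0.9, 150)) // nothing: no churn
	fmt.Println("changed car:", Detect(s, 4, 0.9, 150))     // alert on T
}
```

Run against a static 200-tag classroom the same function stays quiet, because every key persists and so none of them shows churn; run against a 300-tag crowd that is entirely replaced it also stays quiet, because the crowd ceiling applies even though churn is 100%.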

We can avoid speculation and just read the specs here, it seems: https://images.frandroid.com/wp-content/uploads/2020/06/Find...