[Doe-_]

The location report is signed with a public key advertised by the "lost" device.

To retrieve the device's location and to prevent Apple from knowing who lost the device, all signed in users can download any location report for a given public key.

This is explained better here: https://github.com/seemoo-lab/openhaystack

[vlovich123]

That doesn’t explain how the keylogger obtains the set of things uploaded. Or is it just spamming the network and hope all the updates make it? Like you don’t even know which beacon made it out

[dagmx]

Yep, that’s pretty much it. There doesn’t seem to be a guarantee that you’ll get all the “packets”. I’m not sure what the Find My update rate is either so I don’t imagine this will be very effective to exfiltrate data.

[wkat4242]

Sometimes a few bytes can be very valuable. Think of the signing keys of Microsoft or a high value bitcoin wallet.

And these things lose their value quickly once the target knows you have them so this kind of almost undetectable exfiltration is smart.

And packet loss can be mitigated with resending, and/or high amounts of parity data.