Date: 2025-02-27

Eric Zeman / Android Authority

TL;DR A flaw in Apple’s Find My network can be exploited to track the location of any Bluetooth device.

It lets hackers trick the network into thinking an Android phone or gaming console is an AirTag and then pinpoint its location to within 10 feet.

The exploit doesn’t require administrator privileges and works on Bluetooth devices running Linux, Android, or Windows, as well as Smart TVs, gaming consoles, and VR headsets.

Apple’s Find My network makes it easy for users to track the location of their iPhones, Macs, and other possessions using an AirTag. However, as seen previously, it can be misused to stalk unsuspecting users. While Apple has implemented anti-stalking measures to prevent others from tracking your whereabouts with a hidden AirTag, a newly discovered exploit can let hackers leverage the Find My network to track any Bluetooth device, including Android phones.

Discovered by a team of researchers from George Mason University, this exploit essentially lets hackers remotely trick Apple’s Find My network into thinking a Bluetooth device is an AirTag and then track its location “without the owner ever realizing it.” Dubbed nRootTag, the exploit does not require admin-level privileges, has a shocking 90% success rate, and can be used to pinpoint a stationary device’s location to within 10 feet in just a few minutes.

In a blog post highlighting the exploit (via 9to5Mac), the researchers reveal that nRootTag works on a wide range of Bluetooth devices, including computers and mobile devices running Linux, Android, or Windows, as well as Smart TVs, gaming consoles, and VR headsets. The researchers alerted Apple to the exploit in July 2024 and recommended updating the Find My network to improve Bluetooth device verification. However, Apple has yet to implement a fix.

Until Apple patches the loophole, the researchers advise users to “be wary of apps asking for unnecessary Bluetooth permissions and if Bluetooth was unintentionally enabled, keep their device software up-to-date.”

