"Apple’s Device Location-Tracking System Could Expose User Identities"
Researchers from the Technical University of Darmstadt have identified two vulnerabilities in a proprietary app introduced by Apple in 2019 for its iOS, macOS, and watchOS platforms called Offline Finding (OF). Offline Finding helps users find Apple devices even when they're offline. The vulnerabilities could expose the identity of users. The researchers stated that one flaw in the design of OF allows Apple to correlate different owners' locations if their locations are reported by the same finder, effectively allowing Apple to construct a social graph. This can violate user privacy. For the first flaw to be exploited, an owner would have to request their devices' location via the Find My application, the researchers noted. The second vulnerability discovered could allow someone to build "malicious macOS applications to retrieve and decrypt the OF location reports of the last seven days for all its users and for all of their devices.
Threatpost reports: "Apple’s Device Location-Tracking System Could Expose User Identities"