Cybrary Counter-Stalking Initiative

By: Cybrary Threat Intelligence Group (CTIG)

April 12, 2023

How we got here

In mid-December 2022, we took notice of an Apple update to AirTags which enabled “precision finding,” meant to give newer iPhones the ability to tell their users that an unknown AirTag was traveling with them, and to make it easier to locate. The update was compelling for two reasons. The first was the question of how extensive the misuse of tracking devices was, if Apple was making efforts to remediate the issue. The second was the chance to explore the technical aspects of the update, focusing on the use of Bluetooth and Ultra Wideband protocols, and Apple’s mesh network in general.

We take you on that technical journey in Part 2 of this blog, but first we’ll talk about the initial focus.

Bluetooth trackers have become as popular as they are useful. Tile was the first to market a device that, when paired with a smartphone or tablet, could be located about 100 meters away. Apple expanded the capability by enabling the tracker to relay its location through the “Find My” network, allowing just about everything in their ecosystem to act as a bridge to the internet, transmitting data through millions of devices worldwide. Keeping track of your luggage, keys, or even your children has never been so easy and affordable.

The difference between keeping track of someone and conducting surveillance is as simple as whether or not the person being tracked is aware and consenting. Sadly, the past year has shown that there are a significant number of reported cases where these devices have been used for stalking, harassment, and much worse. The manufacturers have taken steps to prevent misuse of the devices, but these are limited in what they can achieve, and can even be contradictory. For instance, Tile allows you to use their app to scan for devices near you, but at the same time offers a setting where an owner can evade that very same scanning if they send in their personal information. Not much consolation after a tragedy.

Newer iPhones will now tell you when an AirTag has been traveling with you, but only several hours after the phone knows that it is there. In that time, a stalker can establish a significant pattern of your life. We have seen cases where bad actors have drilled out the speaker, making it much more difficult to locate the device by sound once you get the warning. And if someone places a Tile on a person using an iPhone? That person has to have the Tile app installed and running to get any idea there’s a problem. The same is true for AirTags relative to Android devices and vice versa. To get an idea that something has been “traveling with you,” you would have to both install, and keep running, each app from each manufacturer. We feel that a person shouldn’t have to run 3 more apps on their phone that continuously communicate their location to companies that would love to know more about their habits.

AirTag Detection

As we learned more about these cases, we decided we would explore some means by which an individual could protect their privacy and security. The Infosec community can have many factions, but when problems like these become serious it tends to pull together. Taking control of your own security can sometimes feel overwhelming, and we felt it was an opportunity to give something back, starting here.

Using tools to detect radio signals is an important and growing segment of cybersecurity as a whole, and that segment expands as the Internet of Things continues to grow. We worked out the methods by which we could reliably detect the signal; however, the necessary tools are impractical for the average person. Fortunately for this project, there exists the Flipper Zero. The Flipper Zero is a powerful research tool that looks more like a toy. If you’re of a certain age, you’ll remember the Tamagotchi from the mid-’90s. Unlike that electronic fidget toy, the Flipper can help you learn about and interact with all manner of devices, from the remote control on your TV to the key fob on your car. The Flipper is built with antennas that can read a wide range of common signals, and has an extensive user community that contributes additional functions on a regular basis.

Once we isolated the radio signals from each brand of tracking device with specific tools, we were able to store those signatures and build an application that runs on the Flipper and enables users to detect any brand of Bluetooth tracker. Even though Tile claims to give owners the option to hide the tracker from detection, we found that we could still see past the adjustments they made to hide their signal. Working with the Flipper Zero community, and through the firmware repositories Roguemaster and Unleashed, we are able to provide this app for free to anyone with the device. At any time, a user can determine if there are any Bluetooth trackers in their immediate vicinity.
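
To illustrate what matching a stored signature against a Bluetooth advertisement looks like, here is an added example; it is not code from the CTIG Flipper app. The signature values (Apple's company identifier 0x004C with payload type 0x12 for Find My, and the 16-bit service UUID 0xFEED for Tile) are assumptions drawn from public Bluetooth documentation, and the sample payloads are constructed.

```python
# Added example: signature matching over raw BLE advertising payloads.
# Signature values are assumptions from public Bluetooth documentation,
# not values taken from the article or from the CTIG Flipper Zero app.
APPLE_COMPANY_ID = 0x004C   # Bluetooth SIG company identifier for Apple
FIND_MY_TYPE = 0x12         # assumed Apple payload type for Find My broadcasts
TILE_UUIDS = {0xFEED}       # assumed 16-bit service UUID advertised by Tile

AD_UUID16_INCOMPLETE, AD_UUID16_COMPLETE = 0x02, 0x03
AD_SERVICE_DATA16, AD_MANUFACTURER = 0x16, 0xFF


def parse_ad_structures(payload: bytes):
    """Split an advertising payload into (ad_type, data) pairs."""
    out, i = [], 0
    while i < len(payload):
        length = payload[i]
        if length == 0:                      # zero length marks padding / end
            break
        if i + 1 + length > len(payload):    # truncated structure: stop parsing
            break
        out.append((payload[i + 1], payload[i + 2:i + 1 + length]))
        i += 1 + length
    return out


def classify(payload: bytes) -> str:
    """Return 'findmy', 'tile', or 'unknown' for one advertisement."""
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_MANUFACTURER and len(data) >= 3:
            company = int.from_bytes(data[:2], "little")
            # The company ID alone is not enough: other Apple broadcasts share it.
            if company == APPLE_COMPANY_ID and data[2] == FIND_MY_TYPE:
                return "findmy"
        elif ad_type in (AD_UUID16_INCOMPLETE, AD_UUID16_COMPLETE):
            uuids = {int.from_bytes(data[j:j + 2], "little")
                     for j in range(0, len(data) - 1, 2)}
            if uuids & TILE_UUIDS:
                return "tile"
        elif ad_type == AD_SERVICE_DATA16 and len(data) >= 2:
            if int.from_bytes(data[:2], "little") in TILE_UUIDS:
                return "tile"
    return "unknown"


# Constructed sample payloads (not captured from real devices).
SAMPLES = {
    "findmy": bytes.fromhex("1eff4c001219") + bytes(25),
    "tile": bytes.fromhex("020106" "0303edfe" "0516edfe0200"),
    "beacon": bytes.fromhex("020106" "1aff4c000215") + bytes(21),
    "truncated": bytes.fromhex("1eff4c0012"),
}
```

The "beacon" sample carries Apple's company identifier but a different payload type, which is why the check looks at both fields before reporting a tracker.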

Our intention was to begin with the most well-known device with the greatest capability that is currently available, give people an opportunity to take an active role in their security, and build a series of courses for professionals and enthusiasts alike. Of course, the Flipper is often on backorder due to its popularity, but this is only our first effort along these lines. In a perfect world we would be able to push an app to phones that enabled all users to scan for trackers, but that is still in the works. What we will do in the meantime is continue to educate and inform, and create a learning path for all manner of interaction with the many devices that belong to the Internet of Things.
