March 2, 2025, 9:11 am | Read time: 3 minutes
Security experts have discovered a way to exploit a vulnerability in Apple’s “Where is?” network. This enables the exact location of Bluetooth devices to be tracked.
With the “Where is?” location service, Apple enables its users to link all of the manufacturer’s devices with each other and, above all, to locate them. Whether iPhone, AirPods, Apple Watch, or AirTagged objects — all can be located relatively accurately via the app. This is practical if you have misplaced something or it has been stolen. However, experts have now discovered that hackers can also exploit the system. The discovered security gap makes it possible to track any Bluetooth device secretly.
Experts Exploit Apple Technology
Researchers at George Mason University have developed a technology called “nRootTag,” which allows the locations of various devices to be tracked almost to the meter without the knowledge of their users. The only requirement is that the devices have Bluetooth. This is made possible via Apple’s “Where is?” network. The expert report states, among other things, that it is possible to “turn virtually any laptop, phone or even games console into an Apple AirTag” and track the devices in this way.
The tracking also works remotely over many kilometers and is relatively cheap for the attackers. Among other things, the researchers report that they were able to precisely track the route of both an electric car and an airplane with the corresponding technology on board. They compare the technology with being able to turn virtually any device into an AirTag within a very short time. But how exactly does it work?
“nRootTag” Turns Bluetooth Devices into AirTags
AirTags communicate their location by exchanging signals with other Bluetooth devices in the vicinity. This data is then transferred to the cloud via an internet-enabled device so that users with access can call up the location accordingly. This is also relevant, for example, if an Apple user permanently shares the location of their iPhone with another person via the “Where is?” function.
The researchers’ new attack technique transfers this behavior to other Bluetooth devices. To do this, the technology tricks the “Where is?” network into believing that the device is an AirTag. The experts have developed an algorithm that matches existing Bluetooth addresses accordingly. This apparently results in a success rate of around 90 percent. An attack can, therefore, fail, but in the vast majority of cases, the deception succeeds.
Locking, backing up data, … What should I do if I have lost my cell phone?
eCaution! Particular key sequence causes iPhone to crash
Apple iOS 18.3.1 Is Here! Should You Install the iPhone Update Straight Away?
No Solution in Sight for the Time Being
Nevertheless, due to the high computing power required, localization takes a few minutes. However, this is still comparatively fast and, above all, represents a massive violation of privacy. This is why the researchers at George Mason University issued an urgent warning about the method in their report.
Apple has since become aware of the problem. In a security update for iOS 18.2, the researchers were at least thanked for their help. However, nothing is known about a solution as yet. According to the experts, a final solution could still take some time to develop, perhaps even years. So, what can you do about the security vulnerability?
If you want to be on the safe side, you should only activate your Bluetooth connections when it is really necessary. If Bluetooth is deactivated, “nRootTag” will not work.