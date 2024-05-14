



May 14, 2024Newsroom Location Tracking / Privacy

Apple and Google on Monday officially announced the rollout of a new feature that will notify users on both iOS and Android if their Bluetooth tracking device is being used to covertly monitor them without their knowledge or consent. .

“This will help reduce the misuse of devices to track belongings,” the companies said in a joint statement, adding that it aims to address “potential risks to user privacy and safety.” added.

The cross-platform solution proposal was first announced by the two tech giants exactly one year ago.

The feature, called “Unwanted Location Tracker Detection” (DULT), is available on Android devices running version 6.0 and above, and iOS devices with iOS 17.5, which officially shipped yesterday.

As part of an industry specification, Android users will now receive a notification that if an unidentified Bluetooth tracked device is detected moving with them over time, regardless of the platform it is paired with, You will receive an alert that says “We are moving together.” On iOS, users can[Item] “We've found something to move with you'' message.

Regardless of the operating system, users who receive such alerts have the option to view the tracker's identifier, play a sound to help find the tracker, and access instructions to disable the tracker.

“This cross-platform collaboration is the first of its kind in the industry to incorporate community and industry input, providing guidance and best practices for manufacturers should they choose to build non-required tracking alert functionality into their products.” said both companies.

This development means that trackers like AirTags are often used by malicious actors for malicious or criminal purposes and are exploited by domestic abusers as nefarious tracking tools to stalk their targets. This was done in response to the report.

A class action lawsuit filed against Apple in October 2023 says AirTags are “one of the most dangerous and terrifying technologies used by stalkers” and uses “real-time location information to track victims.” He argued that it could be used to identify.

Last year, a group of researchers from Johns Hopkins University and the University of California, San Diego devised a cryptographic scheme that provides a better trade-off between user privacy and stalker detection through a mechanism called multi-dealer secret sharing (MDSS). did.

“MDSS extends standard secret sharing to allow multiple dealers with multiple secrets while achieving the novel properties of unlinkability and multi-dealer accuracy,” the scholars wrote. “Abuse-resistant location tracking: Balancing privacy and security in the offline discovery ecosystem,” they wrote in the paper. ”

Apple backport fix for CVE-2024-23296

DULT announces a fix released in March 2024 for a security flaw in the RTKit real-time operating system (CVE-2024-23296) for devices running older versions of iOS, iPadOS, and macOS. This follows Apple's decision to backport it to .

This vulnerability, which allows attackers with arbitrary kernel read and write capabilities to bypass kernel memory protections, is actively exploited in the wild, but there are no technical details regarding the nature of these attacks. Details are unknown at this time.

A patch for this shortcoming is available in the following versions:

Apple's iOS 17.5 update contains flaws in AppleAVD (CVE-2024-27804) and kernel (CVE-2024-27818) that can be exploited to cause unexpected app termination or arbitrary code execution. A total of 15 security vulnerabilities have also been fixed. The same two flaws were resolved in macOS Sonoma 14.5.

