Date: 2021-03-04



Apple has promised to open up the Find My app to third-party accessory makers. But before that happens, there's a new tool that lets anyone create their own Bluetooth tracking tag for use on the Find My network and track its location. OpenHaystack is a new open source tool developed by security researchers at the Secure Mobile Networking Lab. They essentially reverse engineered how Apple devices enroll in the Find My mesh network.

In short, it’s a way to create your own DIY AirTag today.

OpenHaystack works through a custom Mac app that you can use to track the location of custom tags you create. Currently, the tool provides direct support for creating tracking tags using the BBC micro:bit minicomputer, but support for other Bluetooth Low Energy (BLE) devices may be added by other developers in the future. Once a tag is registered on Apple's Find My network, the OpenHaystack app can report its location in the same way that Apple's Find My app does on iPhones and other Apple devices.

The whole system is a bit hacky in the sense that it's complicated, not in the sense that it's actually hacking something. It uses an Apple Mail plug-in (which is authenticated as a real Apple user) to get the access to Apple's Find My network that it needs to create and look up keys. Mail must be running for OpenHaystack to work.

There don't seem to be any serious security implications for the Find My network itself (although the team has submitted other bug reports to Apple). However, that does not mean you should go ahead and start using OpenHaystack. The project has an important disclaimer:

OpenHaystack is experimental software. The code has not been tested and is incomplete. For example, an OpenHaystack tag that uses the firmware broadcasts a fixed public key, so it can be tracked by other nearby devices (this may change in future releases). OpenHaystack is not affiliated with Apple Inc. and is not endorsed by Apple Inc.

A high-level understanding of how the Find My security model works can also help you understand why OpenHaystack is possible.

Find My works by combining public and private keys. All Apple users can access the public keys of devices in the Find My network, but they need the matching private key to actually access a device's location. This means that even Apple can't access your location without your private key. Apple devices collectively track public keys, which is what makes the network work, but only the user holding the private key can get location data out of it.

[Figure: How OpenHaystack gets into the Find My network. Image: OpenHaystack]

What OpenHaystack does is create a public/private key pair of your own for your Bluetooth tag and use Apple Mail to register it on the Find My network. To Apple, it looks like just another iPhone. The Mac app then accesses the public key database, pairs what it finds with the private key it created and, bam: secure location data.
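The key model described above, as an added example that is not OpenHaystack's or Apple's code: a finder encrypts its location to the public key it overheard, the server stores the report under a hash of that key, and only the holder of the private key can read it. The toy Diffie-Hellman group, the XOR-plus-HMAC encryption, the hash-based index and every function name are assumptions made so the example runs on the Python standard library; the page does not specify the real cryptography.

```python
import hashlib, hmac, secrets

# Toy Diffie-Hellman group standing in for the tag's real key pair.
# Chosen so the example runs on the standard library; not secure.
P, G = 2**255 - 19, 2

def keygen():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def key_id(pub):
    # Assumed layout: the server indexes reports by a hash of the public key.
    return hashlib.sha256(pub.to_bytes(32, "big")).hexdigest()

def _kdf(shared, n):
    # Expand the shared secret into a 32-byte MAC key plus n keystream bytes.
    out, ctr = b"", 0
    while len(out) < 32 + n:
        out += hashlib.sha256(shared.to_bytes(32, "big") + bytes([ctr])).digest()
        ctr += 1
    return out[:32], out[32:32 + n]

def finder_report(server, advertised_pub, location):
    # A passing device encrypts its own location to the key it heard over BLE.
    eph_priv, eph_pub = keygen()
    mac_key, stream = _kdf(pow(advertised_pub, eph_priv, P), len(location))
    ct = bytes(a ^ b for a, b in zip(location, stream))
    mac = hmac.new(mac_key, ct, hashlib.sha256).digest()
    server.setdefault(key_id(advertised_pub), []).append((eph_pub, ct, mac))

def owner_fetch(server, pub, priv):
    # Look up reports by key id; only the matching private key passes the MAC check.
    found = []
    for eph_pub, ct, mac in server.get(key_id(pub), []):
        mac_key, stream = _kdf(pow(eph_pub, priv, P), len(ct))
        if hmac.compare_digest(mac, hmac.new(mac_key, ct, hashlib.sha256).digest()):
            found.append(bytes(a ^ b for a, b in zip(ct, stream)))
    return found

def demo():
    server = {}                    # constructed stand-in for the report database
    tag_priv, tag_pub = keygen()   # made by the owner's app; the tag only holds tag_pub
    finder_report(server, tag_pub, b"52.5200,13.4050")  # constructed coordinates
    other_priv, _ = keygen()       # anyone without tag_priv, the server included
    return (owner_fetch(server, tag_pub, tag_priv),
            owner_fetch(server, tag_pub, other_priv), server)

if __name__ == "__main__":
    print(demo()[:2])
```

Because the lookup index is derived from the public key alone, a tag that always advertises the same key always maps to the same index, which is the trackability caveat in the project's disclaimer.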

Given its design, it seems difficult for Apple to cut off OpenHaystack without also cutting off a bunch of older Apple devices. But it's certainly true that Apple as a company doesn't like this sort of thing and may try to find a way to stop it. Developers could use this system to create ways to add Android devices to the Find My network.

The team behind OpenHaystack has written a paper detailing how this is done and disclosing security flaws that are currently being fixed. They have also released the source code for the firmware, which other developers can use to adapt OpenHaystack to other BLE devices.

Apple’s official support for third-party accessories is still coming. Belkin has already announced a set of earphones that support Find My. Given the complexity of setting up OpenHaystack, it probably won’t be adopted in large numbers. It’s similar in some respects to AirMessage and Pager, two tools that use Mac utilities to redirect iMessage to Android devices. Apple’s ecosystem is locked down in many ways, but the Mac is finding a way.

