In a bid to curb AirTag misuse, Apple has implemented measures to notify users when an AirTag remains in their vicinity for an extended period without its paired iPhone nearby.
However, researchers from Johns Hopkins University and the University of California propose a cryptographic solution to address the AirTag’s shortcomings, while ensuring maximum privacy for legitimate users (via Wired).
The original “Find My” system employed a combination of public and private cryptographic keys to manage the location tracking of AirTags.
To thwart prolonged tracking attempts, Apple initially designed the system to rotate the public device identifier every 15 minutes. While effective in safeguarding privacy, this approach inadvertently facilitated abusive deployments of AirTags.
In response, Apple adjusted the system to decrease identifier rotation, allowing the public identifier to change only once every 24 hours when the AirTag is away from its paired Apple device.
However, this alteration inadvertently led to AirTags intermittently broadcasting their location within a 30- to 50-foot radius throughout the day.
This duration proved sufficient for potential trackers to gather information about an individual’s movements, raising privacy concerns.
Matt Green, a cryptographer at Johns Hopkins, explained their research findings. Students walked through various cities, revealing numerous AirTags broadcasting locations, with a majority potentially not linked to stalking activities.
While Apple collaborated with major tech companies to address tracking threats from similar products, the researchers felt the need for a solution that better balanced both privacy and safety.
The researchers devised a cryptographic strategy leveraging “secret sharing” and “error correction coding” to create a mechanism allowing smartphones to identify suspicious AirTags under specific conditions.
The team submitted their findings to Apple and notified the industry consortium, awaiting potential implementation. Green highlighted the potential of cryptographic solutions to resolve conflicting privacy and safety concerns
The industry eagerly anticipates Apple’s response regarding the adoption of these security enhancements.
