Tuesday, May 16, 2023

Detecting Unwanted Location Trackers

Apple:

Apple and Google jointly submitted a proposed industry specification to help combat the misuse of Bluetooth location-tracking devices for unwanted tracking. The first-of-its-kind specification will allow Bluetooth location-tracking devices to be compatible with unauthorized tracking detection and alerts across iOS and Android platforms. Samsung, Tile, Chipolo, eufy Security, and Pebblebee have expressed support for the draft specification, which offers best practices and instructions for manufacturers, should they choose to build these capabilities into their products.

[…]

The specification has been submitted as an Internet-Draft via the Internet Engineering Task Force (IETF), a leading standards development organization. Interested parties are invited and encouraged to review and comment over the next three months. Following the comment period, Apple and Google will partner to address feedback, and will release a production implementation of the specification for unwanted tracking alerts by the end of 2023 that will then be supported in future versions of iOS and Android.

Nick Heer:

In other words, this spec should prevent people from needing to install a bunch of proprietary detection apps. How a device differentiates between legitimate and creepy uses of trackers is something left to a platform’s “unwanted tracking algorithms”.

Juli Clover (Hacker News):

The New York Police Department (NYPD) is encouraging New York car owners to install Apple AirTags in cars in order to cut down on car theft in the city.

[…]

In an accompanying press conference on Sunday, New York City mayor Eric Adams said that the city will provide 500 free AirTags to car owners. According to CBS News, the AirTags are available to residents in Castle Hill, Soundview, and Parkchester, as these areas have seen a 548 percent increase in stolen Hyundai and Kia vehicles.

John Gruber:

This is a case where, ideally, you’d want FindMy (or Apple’s Tracker Detect app for Android) not to notify a potential thief that they’re being tracked by an unknown-to-them AirTag. But we can’t have it both ways. There’s no magic way to mark your AirTag as not being used for stalking.

Previously:

1 Comment RSS · Twitter · Mastodon

Marc Stibane

"If you outlaw encryption, only outlaws will have encryption"

The Technische Universit├Ąt Darmstadt made a detector app for trackers which not only can detect AirTags and other Apple-FindMy compatible trackers, but also Samsung SmartTags or Tiles.
https://apps.apple.com/app/id1659427454
It is free, the source is here: https://github.com/seemoo-lab/AirGuard-iOS

This comes from the guys who made OpenHaystack first, an open source framework to build untrackable trackers which scramble their ID(s) so Apple's code doesn't see ONE tracker following you for a long time (and thus will alert you - and thieves, of course), but many different trackers for a short time each - therefore will NOT alert the thief (but neither a tracked person).
https://github.com/seemoo-lab/openhaystack

As long as Apple doesn't sign tracker IDs with a private key, they cannot detect that all those different IDs belong to the same tracker and engage the you-are-being-tracked warning.
==> Only nerds will have usable theft trackers.

Leave a Comment