Apple's "Find My" location network can be abused by malicious actors to stealthily transmit sensitive information captured by keyloggers installed in keyboards.
The Find My network and application is designed to help users locate lost or misplaced Apple devices, including iPhones, iPads, Macs, Apple Watches, AirPods, and Apple Tags.
The service relies on GPS and Bluetooth data crowd-sourced from millions of Apple devices worldwide to find devices reported as lost or stolen, even if those are offline.
Lost devices send Bluetooth signals in a constant loop detected by nearby Apple devices, which then anonymously relay their location to the owner through the Find My network.
The potential to abuse Find My to transmit arbitrary data besides just device location was first discovered by Positive Security researchers Fabian Bräunlein and his team
over two years ago, but apparently, Apple addressed this problem.
The analysts have even
published their implementation on GitHub, called 'Send My,' which others can leverage for uploading arbitrary data onto Apple's Find My network and retrieving it from any internet-enabled device anywhere in the world.
