Apple's Find My Feature Requires Two Devices, Boasts Extreme Security Safeguards

A report on Wednesday digs deep into Apple's new Find My service, an upcoming iOS 13 and macOS Catalina feature that leverages encrypted crowdsourced data to pinpoint the location of a missing or stolen iPhone, iPad or Mac. 

Apple SVP of Software Engineering Craig Federighi unveiled Find My onstage at the Worldwide Developers Conference on Monday, touting the new tool's ability to track the location of iOS 13 and macOS Catalina devices even when they are offline. 

A high level overview of the technology revealed Apple is leveraging its massive user install base to power Find My. Target devices send out Bluetooth beacon signals that are picked up by nearby iOS or Mac machines, which relay the identifier and their own location information back to Apple for later perusal by Find My users. 

The entire process, from beacon generation to crowdsourced location data gathering, is automated, encrypted and designed in such a way that disallows bad actors — and Apple itself — from snooping on unsuspecting device owners. 

When setting up Find My, the at least two Apple products generate a cryptographically strong private key that is shared between registered devices through end-to-end encrypted communication. This key is stored locally, presumably in iPhone's Secure Enclave or Mac's T2 chip, for later use. 

The Bluetooth beacon is broadcast to nearby devices, which automatically pick up the signal, intertwine their own location using the public key and send this information along with a hash of the public key to Apple's servers. 

With the data stored in Apple's cloud, users looking for a lost device open Find My on a second Apple device to conduct a search. The second device sends a hash of its own public key to the cloud, which is matched with the stored beacon key. How, exactly, Apple is able pair two rotating public keys is at this point unknown. 

Finally, Apple transmits the encrypted location of the lost device down to Find My user devices, which decrypt the information using the stored private key. 

Find My debuts with iOS 13 and macOS Catalina this fall.

Source: Appleinsider