Overnight, Apple has turned its hundreds-of-million-device ecosystem into the world's largest crowd-sourced location tracking network called offline finding (OF). OF leverages online finder devices to detect the presence of missing offline devices using Bluetooth and report an approximate location back to the owner via the Internet. While OF is not the first system of its kind, it is the first to commit to strong privacy goals. In particular, OF aims to ensure finder anonymity, untrackability of owner devices, and confidentiality of location reports. This paper presents the first comprehensive security and privacy analysis of OF. To this end, we recover the specifications of the closed-source OF protocols by means of reverse engineering. We experimentally show that unauthorized access to the location reports allows for accurate device tracking and retrieving a user's top locations with an error in the order of 10 meters in urban areas. While we find that OF's design achieves its privacy goals, we discover two distinct design and implementation flaws that can lead to a location correlation attack and unauthorized access to the location history of the past seven days, which could deanonymize users. Apple has partially addressed the issues following our responsible disclosure. Finally, we make our research artifacts publicly available.