As is par for the course, Apple announced a ton of new features that will be coming along with brand new versions of its various operating systems. And while the company takes time on stage during the WWDC keynote to go over many details, not everything can be covered with the time allowed. But that’s why Apple executives are more than willing to shed some details after the keynote.
One of the many new features that Apple announced earlier this week is “Find My”, an all-in-one iCloud-based tool that’s meant to help Apple device owners find their lost items. Find My will be replacing “Find My Friends” and “Find My iPhone” on iOS devices, while on macOS it will be introduced in a brand new, dedicated “Find” app. This app will not only let you find a lost iOS device, but also your Mac — even when it’s closed and not active.
This ability to locate devices when they’re not connected to a Wi-Fi or cellular network actually extends to iOS devices, too. It all comes down to Bluetooth technology, with an additional assist from other Apple devices located near your lost device.
While Apple did talk about Find My during the keynote, it didn’t go into any great detail, basically hitting the major points and moving on. But WIRED got a few important details after the fact.
The first thing worth noting is that Apple says the encryption scheme behind the new Find My feature requires “Find My” users to have two different Apple devices. Apple designed these devices to constantly emit an ever-changing public key, which nearby devices use to encrypt the lost device’s geolocation data before uploading it. Only your other Apple devices, the ones linked to your Apple ID and protected by two-factor authentication, can decrypt the data that is sent back.
That particular element leads back to Apple’s focus on security and user privacy. The fact that only your own Apple devices, the ones associated with your Apple ID and 2FA, can decrypt that location data from your lost device(s) means that no one else can access that information and learn where your lost device is. Not even Apple.
The original report gives a step-by-step description of how the system works, as described by Apple itself:
- When you first set up Find My on your Apple devices—and Apple confirmed you do need at least two devices for this feature to work—it generates an unguessable private key that’s shared on all those devices via end-to-end encrypted communication, so that only those machines possess the key.
- Each device also generates a public key. As in other public key encryption setups, this public key can be used to encrypt data such that no one can decrypt it without the corresponding private key, in this case the one stored on all your Apple devices. This is the “beacon” that your devices will broadcast out via Bluetooth to nearby devices.
- That public key frequently changes, “rotating” periodically to a new number. Thanks to some mathematical magic, that new number doesn’t correlate with previous versions of the public key, but it still retains its ability to encrypt data such that only your devices can decrypt it. Apple refused to say just how often the key rotates. But every time it does, the change makes it that much harder for anyone to use your Bluetooth beacons to track your movements.
- Say someone steals your MacBook. Even if the thief carries it around closed and disconnected from the internet, your laptop will emit its rotating public key via Bluetooth. A nearby stranger’s iPhone, with no interaction from its owner, will pick up the signal, check its own location, and encrypt that location data using the public key it picked up from the laptop. The public key doesn’t contain any identifying information, and since it frequently rotates, the stranger’s iPhone can’t link the laptop to its prior locations either.
- The stranger’s iPhone then uploads two things to Apple’s server: The encrypted location, and a hash of the laptop’s public key, which will serve as an identifier. Since Apple doesn’t have the private key, it can’t decrypt the location.
- When you want to find your stolen laptop, you turn to your second Apple device—let’s say an iPad—which contains both the same private key as the laptop and has generated the same series of rotating public keys. When you tap a button to find your laptop, the iPad uploads the same hash of the public key to Apple as an identifier, so that Apple can search through its millions upon millions of stored encrypted locations, and find the matching hash. One complicating factor is that the iPad’s hash of the public key won’t be the same as the one from your stolen laptop, since the public key has likely rotated many times since the stranger’s iPhone picked it up. Apple didn’t quite explain how this works. But Johns Hopkins’ Green points out that the iPad could upload a series of hashes of all its previous public keys, so that Apple could sort through them to pull out the previous location where the laptop was spotted.
- Apple returns the encrypted location of the laptop to your iPad, which can use its private key to decrypt it and tell you the laptop’s last known location. Meanwhile, Apple has never seen the decrypted location, and since hashing functions are designed to be irreversible, it can’t even use the hashed public keys to collect any information about where the device has been.
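The seven steps above can be walked through end to end in code. The following Python simulation is an added example, not Apple’s code and not part of the WIRED report; it models the four roles (lost laptop, stranger’s iPhone, Apple’s server, owner’s iPad) with a construction the article does not specify and that is assumed here: per-epoch X25519 key pairs derived by hashing a shared master secret together with an epoch counter (a hypothetical ratchet; Apple did not disclose how its keys are derived or how often they rotate), ECIES-style hybrid encryption built from SHA-256 and HMAC, a SHA-256 hash of the public key as the lookup identifier, and the lookup strategy Green suggests (the owner uploads the hashes of all its previous public keys). The X25519 ladder is the RFC 7748 algorithm written inline so the block runs offline; the coordinates are constructed. Names such as `epoch_keypair`, `beacon_id` and `FindMyServer` are this example’s own.

```python
from __future__ import annotations
import hashlib
import hmac
import os

# Curve25519 parameters (RFC 7748). The curve is real; the protocol around it is a
# simplified model of the article's description, not Apple's actual design.
P = 2**255 - 19
A24 = 121665
BASEPOINT = 9


def _clamp(k: int) -> int:
    """Scalar clamping from RFC 7748."""
    return (k & ~7 & ((1 << 255) - 1)) | (1 << 254)


def x25519(k: int, u: int) -> int:
    """X25519 Montgomery ladder (RFC 7748 s.5). Branchy swap: fine to illustrate, not for production."""
    x1, x2, z2, x3, z3, swap = u, 1, 0, u, 1, 0
    for t in range(254, -1, -1):
        kt = (k >> t) & 1
        swap ^= kt
        if swap:
            x2, x3, z2, z3 = x3, x2, z3, z2
        swap = kt
        a, b = (x2 + z2) % P, (x2 - z2) % P
        aa, bb = a * a % P, b * b % P
        e = (aa - bb) % P
        c, d = (x3 + z3) % P, (x3 - z3) % P
        da, cb = d * a % P, c * b % P
        x3 = pow((da + cb) % P, 2, P)
        z3 = x1 * pow((da - cb) % P, 2, P) % P
        x2 = aa * bb % P
        z2 = e * (aa + A24 * e) % P
    if swap:
        x2, x3, z2, z3 = x3, x2, z3, z2
    return x2 * pow(z2, P - 2, P) % P


def epoch_keypair(master: bytes, epoch: int) -> tuple[int, int]:
    """Steps 1-3: key pair for one rotation period, derived from the master secret that every
    owner device holds. Without `master` the successive public keys look unrelated.
    (Hypothetical ratchet for this example; Apple's derivation is undisclosed.)"""
    digest = hashlib.sha256(b"findmy-epoch" + epoch.to_bytes(4, "big") + master).digest()
    sk = _clamp(int.from_bytes(digest, "little"))
    return sk, x25519(sk, BASEPOINT)


def beacon_id(pk: int) -> bytes:
    """Step 5: the identifier uploaded by finder and owner alike is a hash of the public key."""
    return hashlib.sha256(pk.to_bytes(32, "little")).digest()


def _session_keys(shared: int, eph: int) -> tuple[bytes, bytes]:
    base = hashlib.sha256(b"findmy-kdf" + shared.to_bytes(32, "little") + eph.to_bytes(32, "little")).digest()
    return hashlib.sha256(base + b"enc").digest(), hashlib.sha256(base + b"mac").digest()


def _keystream(key: bytes, n: int) -> bytes:
    return b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest() for i in range(n // 32 + 1))[:n]


def finder_encrypt(pk: int, location: bytes) -> tuple[int, bytes, bytes]:
    """Step 4: the stranger's phone encrypts its own location to the beacon's public key.
    Ephemeral X25519 key + encrypt-then-MAC; nothing here identifies the lost device."""
    r = _clamp(int.from_bytes(os.urandom(32), "little"))
    eph = x25519(r, BASEPOINT)
    enc_key, mac_key = _session_keys(x25519(r, pk), eph)
    ct = bytes(m ^ s for m, s in zip(location, _keystream(enc_key, len(location))))
    tag = hmac.new(mac_key, eph.to_bytes(32, "little") + ct, hashlib.sha256).digest()
    return eph, ct, tag


def owner_decrypt(sk: int, eph: int, ct: bytes, tag: bytes) -> bytes:
    """Step 7: only a holder of the matching epoch's private key recovers the location."""
    enc_key, mac_key = _session_keys(x25519(sk, eph), eph)
    expected = hmac.new(mac_key, eph.to_bytes(32, "little") + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("report rejected: wrong key or tampered ciphertext")
    return bytes(c ^ s for c, s in zip(ct, _keystream(enc_key, len(ct))))


class FindMyServer:
    """Apple's side in the model: stores (hash of public key, ciphertext) only, holds no private key."""
    def __init__(self) -> None:
        self.reports: dict[bytes, list] = {}

    def upload(self, ident: bytes, report: tuple) -> None:
        self.reports.setdefault(ident, []).append(report)

    def lookup(self, idents) -> list:
        return [(i, rep) for i in idents for rep in self.reports.get(i, [])]


def run_scenario(current_epoch: int = 20, spotted_epoch: int = 3) -> tuple[str, int]:
    """Walk the article's steps with a constructed location; returns what the owner learns."""
    master = os.urandom(32)  # step 1: shared by laptop and iPad over E2E sync (sync not modeled)
    server = FindMyServer()
    _, pk_then = epoch_keypair(master, spotted_epoch)  # laptop's beacon when it was spotted
    server.upload(beacon_id(pk_then), finder_encrypt(pk_then, b"37.3318,-122.0312"))  # steps 4-5
    # step 6: the iPad, now many rotations later, regenerates every past public key and
    # uploads all their hashes so the server can match the one the finder reported
    by_id = {beacon_id(epoch_keypair(master, e)[1]): e for e in range(current_epoch + 1)}
    ident, (eph, ct, tag) = server.lookup(by_id)[0]
    epoch = by_id[ident]
    sk, _ = epoch_keypair(master, epoch)
    return owner_decrypt(sk, eph, ct, tag).decode(), epoch  # step 7
```

Calling `run_scenario()` returns the constructed coordinates and the epoch in which the laptop was spotted; the server object only ever held a hash and a ciphertext, and decrypting with any other epoch’s key or with a modified ciphertext fails the MAC check rather than yielding a wrong location.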
The short of it is this: Find My makes it possible to broadcast a device’s location in a secure fashion. That location is relayed to Apple by other Apple devices that happen to be nearby. The encrypted geolocation data can then be decrypted only by your other Apple devices, the ones you have secured with 2FA and your own Apple ID. That means no one else can use the broadcast data to find your lost device.