Posted on Jul 27, 2023 9:34:32 AM
Apple's AirTags have revolutionized personal item tracking, emerging as discreet guardians of your belongings. Packed with Bluetooth Low Energy (BLE), Ultra Wideband (UWB), and Near Field Communication (NFC), these tiny dynamos connect your world to your Apple iPad or iPhone.
A pivotal element of AirTags is their seamless integration into Apple's expansive ecosystem, estimated at 2 billion devices. This intricate network constantly scouts for BLE beacons from AirTags, streaming their locations back to Apple's servers. Consequently, users can pinpoint their AirTag-attached items virtually anywhere with an Apple device connection.
Detecting And Countering Unauthorized Tracking
Despite Apple's efforts to avert unauthorized tracking via MAC address randomization and BLE packet encryption, security apprehensions persist. The inherent tracking capabilities of AirTags could potentially transform these convenient devices into silent spies, tracking individuals' movements or mapping out sensitive areas.
Understanding these potential security risks, our team at Epiq wondered: Could our all-encompassing wireless detection and location system, Flying Fox Enterprise (FFE), detect AirTags' silent whispers within secure areas?
Mapping the Invisible Pathways
Navigating through Apple's labyrinth of advanced encryption and MAC address randomization posed a significant challenge. However, during rigorous testing, our engineers uncovered a distinct pattern: the rise and fall of unique Apple-specific MAC addresses, each with a lifespan of roughly 30 minutes. This pattern, once deciphered, served as our breakthrough, verifying FFE's ability to detect the presence of Apple's AirTags within a secure environment.
After setting up a controlled setup equipped with our Flying Fox Enterprise (FFE) system, we began monitoring for possible BLE transmissions. The system employed its wideband RF detection capabilities to capture and dissect the dense traffic of wireless signals. During this rigorous testing, our engineers uncovered a distinct pattern in the clutter. Every Apple-specific MAC address detected by the FFE sensor appeared to have a limited lifespan of roughly 30 minutes. After this period, it would disappear, only to be replaced by a new MAC address in a continuous cycle.
In essence, we were witnessing Apple's MAC address randomization—a clever technique where AirTags switch MAC addresses regularly to evade tracking. However, having decoded the pattern, FFE was able to keep track of these changes, thereby ensuring the constant detection of AirTags in a secured space. Bingo! FFE could detect Apple's AirTags within a secure environment and enable you to execute your mitigation and security plans with confidence. It's not a wild goose chase!
In the following screenshots, we illustrate how FFE users can track the evolving MAC addresses, expected to appear at the same or similar locations as their predecessors.
Displaying Apple devices with 13 and 17 detections, where MAC addresses roll. This is captured in the FFE detection scan event pane.
MAC address from 17 Apple events last detected at about 3:25pm. This MAC address subsequently disappears.
A new Apple MAC address surfaces at 3:26 pm, a minute after the previous MAC address ceased beaconing, and commences its own sequence of beacons.
Riding the Wave of Innovation with Enhanced Security
The ebb and flow of innovation and security is a dance we know well at Epiq Solutions. In our quest to stay ahead, we don’t just anticipate change, but try to stay at the front line, ensuring that security is never compromised, no matter how advanced or discreet the technology.
As you prioritize the safety of your secure environment, our groundbreaking solutions stand ready. Learn more about how FFE is bolstering security measures and you in safeguarding your secure environment from silent threats.
Topics: Flying Fox Enterprise
Amy Devine is the Director of RF Sensing at Epiq Solutions where she leads a team of RF experts developing leading edge products that improve safety and security.