I lost my phone like a doofus about two weeks ago. Battery died and I had no idea where it was. When I pulled my Google location history, it was too coarse to tell me anything other than 'at your house'. However, I was able to pull the raw data from Google and post-process it by timestamp into a series of rasters that were fine enough for me to see that the phone was definitely in the bedroom/bathroom area. After processing my data, finding my phone took all of a minute.
My car got broken into and my iPad nicked. I was able to locate it; however, the cops here in NZ were really unhelpful.
They said the GPS location wouldn't be sufficient for a search warrant, as they have had many cases of false positives.
I said I would give them the SSID and IP address of their Wi-Fi network; even then they wouldn't agree to a raid.
It was only when the thief (who was a minor) took a pic of a family member, which I then furnished to the police (via iCloud), that they could do something.
Wondering what good technology is if the law takes a while to catch up, well, at least here in NZ.
It's not just NZ. Police in the US are no better. In the Dallas PD, the detective assigned to the case when our house was burgled would not respond to emails sent to him providing evidence. After reaching out through other avenues to reach the detective, he flat out responded that he was too busy to read emails. The case went uncleared. However, a few weeks later, there was a random call saying they found an iPad reported as lost/stolen and would be willing to return it for a small finder's fee. Again, the police refused to assist during the meet-up.
Funnily, in the UK I got Oxford police to enter a house based on GPS and SSID and me remotely setting a loud alert on the phone. The robber sadly smashed it though while being apprehended.
I can definitely see the point regarding GPS location, I remember an article about people living at some default coordinates suffering from something like daily or weekly police raids.
Can this be used as essentially 100% effective anti-theft?
If an Apple device is constantly emitting a BLE beacon code that can't effectively be changed in any way by a thief...
...then unless a thief keeps the device in their basement and never has anybody visit, your stolen device will almost certainly be detected sooner or later, and then you just call the police?
Even if the thief has sold it by that point and disappeared, if local law means the stolen good reverts to you, then people would quickly learn never to purchase any phone where there's even a chance it was suspiciously acquired.
Thieves already know that stolen iPhones are usually not operable. Even with the old Find My iPhone, even after the device has been wiped, only the original owner can activate it again. So these stolen phones are usually broken down, with parts sold separately.
The problem I see with this is that your phone always has to be broadcasting the BLE beacon, regardless of whether it is lost or not. Otherwise it could randomly end up lost in a place with poor/no service... and would never be found.
For phones, how often is this really an issue? Sure, this is useful for the Tile type "dumb" devices... but if my phone has no cell or data service... it's probably because the battery is dead.
Some people have hypothesized that this isn't necessarily for finding phones. This might be about using phones (and iPads, Apple Watches, MacBooks, etc.) to create a network like the one used by the Tile product for finding wallets, keys, etc. This could be a product Apple unveils in September.
Complete speculation here, but I wouldn't be surprised if devices could keep broadcasting the ping after they're "dead". Tiles last for years without charging, so I bet if Apple can leave on only the bluetooth beacon after the battery drains past where it can power the rest of the phone then this would be doable.
Again complete speculation, I have zero clue if the current hardware is even capable of doing this.
Given how little power it takes to operate something like a Tile, maybe the beacon will continue operating for quite a while after the battery is too low to operate the whole phone.
Apple is highly averse to having your phone send out any BLE beacon all the time. Likely what they will do is the following:
1) The iPhone will be considered the "master" (aka BLE Central device)
2) All of your devices that you enroll in your "find my" service will be required to send out a periodic BLE beacon or a similar bluetooth packet (BLE peripheral device)
3) The iPhone will periodically listen for BLE beacons and upon receiving that beacon it has 3 options:
-> option 1: save the time/location when it saw that beacon
-> option 2: scan the device with a BLE "scan request" operation, which asks the device to provide more information -- it provides the "scan response" packet, which can be, and often is, different from the main advertisement packet
-> option 3: connect to the device and query further information like your MacBook battery level and maybe other info
For option 1, the iPhone never needs to send a packet and will simply have its BLE RX radio stage on, listening for advertisement packets -- which are sent in clear text for anybody to listen to. The RX stage is listening periodically and works on a statistical basis, where if the beacon side is transmitting very rarely then you can easily miss the beacon.
So... what you should take away from this is that highly likely Apple will only allow the iPhone to be the master and all of your other devices will be periodically sending out beacons. So if you have this enabled and you walk around with your iPad Pro and your iPhone together and people sniff bluetooth packets, they can track when you walk down the sidewalk past them every day. For example, if you live near a busy street in New York or something, start sniffing for bluetooth packets and you'll find tons of stuff. Tons... most of it is random bluetooth headphones, but pretty soon it will be iPad Pros.
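As an added illustration (not code from the comment above and not anything from Apple), the following parses the clear-text AD structures of a BLE advertising or scan-response payload, the part any receiver in range decodes, and flags which fields let a passive listener tie two sightings to one device. The payloads are constructed sample bytes; the company id 0x004C is Apple's Bluetooth SIG assigned number, but the bytes after it are made up.

```python
# Added example (not from the thread): parse the clear-text AD structures of a
# BLE advertising payload and flag the fields that let a passive listener link
# two sightings to one device. Sample payloads are constructed for illustration.
from typing import Dict, List, Tuple

# AD types from the Bluetooth SIG assigned numbers list
AD_FLAGS = 0x01
AD_COMPLETE_LOCAL_NAME = 0x09
AD_TX_POWER = 0x0A
AD_MANUFACTURER_SPECIFIC = 0xFF


def parse_ad_structures(payload: bytes) -> List[Tuple[int, bytes]]:
    """Split a payload into (ad_type, data) pairs.
    Each structure is: 1 byte length, 1 byte AD type, length-1 bytes of data."""
    structures = []
    i = 0
    while i < len(payload):
        length = payload[i]
        if length == 0:  # zero-length structure means padding; stop here
            break
        if i + 1 + length > len(payload):
            raise ValueError("truncated AD structure at offset %d" % i)
        structures.append((payload[i + 1], payload[i + 2 : i + 1 + length]))
        i += 1 + length
    return structures


def describe(payload: bytes) -> Dict[str, object]:
    """Readable summary; manufacturer data is split into company id (LE) + blob."""
    summary: Dict[str, object] = {}
    for ad_type, data in parse_ad_structures(payload):
        if ad_type == AD_FLAGS and data:
            summary["flags"] = data[0]
        elif ad_type == AD_COMPLETE_LOCAL_NAME:
            summary["name"] = data.decode("utf-8", errors="replace")
        elif ad_type == AD_TX_POWER and data:
            summary["tx_power_dbm"] = int.from_bytes(data[:1], "little", signed=True)
        elif ad_type == AD_MANUFACTURER_SPECIFIC and len(data) >= 2:
            summary["company_id"] = int.from_bytes(data[:2], "little")
            summary["mfg_data"] = data[2:].hex()
    return summary


def linkable(a: Dict[str, object], b: Dict[str, object]) -> bool:
    """True if two sightings share a stable, device-specific field. A device that
    rotates its manufacturer blob and sends no name is not linkable this way."""
    return any(k in a and k in b and a[k] == b[k] for k in ("name", "mfg_data"))


# Constructed samples. Company id 0x004C is Apple's assigned number; the bytes
# after it are made up and are not a real Apple payload.
ADV_WITH_NAME = bytes([
    0x02, AD_FLAGS, 0x06,
    0x08, AD_COMPLETE_LOCAL_NAME, *b"iPadPro",
    0x07, AD_MANUFACTURER_SPECIFIC, 0x4C, 0x00, 0x12, 0x34, 0x56, 0x78,
])
ADV_ROTATED = bytes([
    0x02, AD_FLAGS, 0x06,
    0x07, AD_MANUFACTURER_SPECIFIC, 0x4C, 0x00, 0xDE, 0xAD, 0xBE, 0xEF,
])
SCAN_RESPONSE = bytes([0x02, AD_TX_POWER, 0xF4])  # -12 dBm
```

The defender's takeaway is in `linkable`: a fixed local name or a fixed manufacturer blob links sightings across days regardless of address randomization, which is why a rotating identifier matters.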
Don’t think phone. In the keynote I think they showed it with a Mac, which isn’t available with cell service. Or as someone else mentioned maybe you have an iPad without cellular.
> generate the list of pseudonyms from a single short “seed” that both Timmy and Ruth will keep a copy of. This is nice because the data stored by each party will be very small. However, to find Timmy, Ruth must still send all of the pseudonyms — or her “seed” — up to Apple, who will have to search its database for each one.
I would imagine something along the lines of TOTP would provide a better mechanism here. There would be no need to scan a whole list of pseudonyms, and the BLE device would rotate the identifier it transmits frequently. The Lassie device can include GPS timestamps when it reports the device to Apple.
>can use a single [private] key regardless of which randomized version of her public key was used to encrypt.
I have not seen this before. Trying to wrap my brain around how this works. In terms of ECC I thought public and private were a single pair. Can anyone explain what is going on with public key randomization?
You can derive a new public key from someone's ECC public key, and they can derive the corresponding private key by applying the same transformation. It's somewhat magical! I wouldn't be surprised if Apple is using a scheme based on this instead of ElGamal, they already use ECC extensively.
Warning: this is baseless speculation from someone with only a semester of cryptography experience.
If you asked me to implement "randomized public keys" I would generate a master key pair (MPUB and MPRIV). Then, I would combine MPRIV and a random value N in a one-way function to make a new key K. I would use K as effectively a "random public key" and use it as if it was MPUB (the one-way function would have to output a K that is in the same format / usable like MPUB). I would distribute N along with K, as N is useless without MPRIV.
I have no idea if that is how they did it but that's what comes to mind.
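The public-key randomization asked about a few comments up, and sketched in the comment above, written out as an added example (not any commenter's code and not Apple's actual scheme): an additive tweak on secp256k1, the same construction BIP32 uses, with a toy ECDH check that a secret derived under the randomized public key is recoverable only with the tweaked private key. The curve constants are secp256k1's; the nonce and keys are generated locally.

```python
# Added example (not any commenter's code, not Apple's scheme): additive key
# tweak on secp256k1, the construction used by BIP32 key derivation.
#   third party: P' = P + H(P||r)*G, from the public key alone
#   owner:       d' = d + H(P||r) mod N, so that d'*G == P'
import hashlib
import secrets

# secp256k1 domain parameters
P = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)


def point_add(a, b):
    """Affine addition on secp256k1 (y^2 = x^3 + 7); None is the point at infinity."""
    if a is None:
        return b
    if b is None:
        return a
    (x1, y1), (x2, y2) = a, b
    if x1 == x2 and (y1 + y2) % P == 0:
        return None                      # a == -b
    if a == b:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P) % P
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)


def point_mul(k, point):
    """Double-and-add scalar multiplication (not constant time; demo only)."""
    result = None
    while k:
        if k & 1:
            result = point_add(result, point)
        point = point_add(point, point)
        k >>= 1
    return result


def tweak(pub, r: bytes) -> int:
    """Public tweak t = SHA-256(P || r) mod N; computable by anyone holding P and r."""
    raw = pub[0].to_bytes(32, "big") + pub[1].to_bytes(32, "big") + r
    return int.from_bytes(hashlib.sha256(raw).digest(), "big") % N


def randomize_public(pub, r: bytes):
    """Finder side: derive a fresh-looking public key from P and a nonce r."""
    return point_add(pub, point_mul(tweak(pub, r), G))


def randomize_private(priv: int, r: bytes) -> int:
    """Owner side: the matching private key; needs d as well as r."""
    return (priv + tweak(point_mul(priv, G), r)) % N


def ecdh_secret(priv: int, pub) -> bytes:
    """Toy ECIES-style key agreement: hash of the x-coordinate of priv*pub."""
    return hashlib.sha256(point_mul(priv, pub)[0].to_bytes(32, "big")).digest()


def roundtrip(master_priv: int, r: bytes) -> bool:
    """Encryptor derives a secret under P'; owner recovers it with d'."""
    p_rand = randomize_public(point_mul(master_priv, G), r)
    d_rand = randomize_private(master_priv, r)
    e = secrets.randbelow(N - 1) + 1                  # encryptor's ephemeral scalar
    sent = ecdh_secret(e, p_rand)                     # uses P' only
    recovered = ecdh_secret(d_rand, point_mul(e, G))  # uses d' and e*G
    return point_mul(d_rand, G) == p_rand and sent == recovered
```

Note that the nonce r is public by design (it can travel with P'), and knowing r and P' still gives no way back to d or d'.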
Just speculating but would something like random_key=hash(static_key + datetime) work? static_key is pre-shared between cloud and device and datetime is also known by both device and cloud if rounded down to some accuracy.
The article gives the example of El Gamal encryption [1]. Looking at the key generation section, it seems like you could keep a single (q, x) pair and create a new (G, g, h) for the same x.
I designed a similar system a few years back to provide proof-of-presence. Imagine a blockchain of devices at locations (an alibi, let's say). All devices are miners, and only devices in your vicinity (think BLE) can "confirm" "transactions" (your presence) on the chain.
As with anything public + blockchain, it had all the cryptoeconomic incentive problems you would expect, and I never solved them.
Finding a lost device has much lower stakes than proving an alibi in court so I see how this model would work.
A potential concern - does this system implement forward secrecy? Is that even possible?
The threat I'm thinking of is some organisation that is able to crack the private key at some point in the future and therefore able to work out where you have been in the past.
Of course, the phone's location in the recent past is exactly what this system is designed to produce. Would it be possible to rekey the connection on a regular/opportunistic basis?
Can the signal be jammed? Or simply put the stolen device in a metal box.
As for the tracking: I really like the idea. However, in my country finding your device isn't the issue; getting it back is the problem. Police won't go and enter the particular house where your device is.
Nice article, and also a nice application of cryptography. I hope Google and Apple will both compete and challenge each other with inventive ways to defend people's privacy, at both the hardware and software levels.
How is that going to work? All communication that you initiate must be active. The only passive option would be broadcasts like TV or radio stations, but that’s not particularly useful if you want to view a specific website.
TL;DR: The idea of the new system is to turn Apple’s existing network of iPhones into a massive crowdsourced location tracking system. Every active iPhone will continuously monitor for BLE beacon messages that might be coming from a lost device. When it picks up one of these signals, the participating phone tags the data with its own current GPS location; then it sends the whole package up to Apple’s servers.
Okay, so this would make it insanely easy to stalk any iPhone user.
1. Get BLE tracking tags, and register them with Find My.
2. Covertly attach the BLE tracking tags to things your target owns (backpacks, cars, bikes, etc).
3. You constantly get updates on your tags' locations via their iPhone and other iOS devices near the BLE tag(s). This gives you their approximate location and movement history, facilitated primarily through their own iPhone and data plan.
> The good news is that Apple claims that their system actually does provide strong privacy, and that it accomplishes this using clever cryptography.
But that does nothing to protect your privacy against Apple.
I already have to make sure that I disable WiFi and Bluetooth when I enter commercial establishments. Now I have to stop using Bluetooth whenever I leave my house?
Why do you do that? All Apple devices generate randomized MAC addresses for networks that they haven't connected to, so they shouldn't be able to track you. In addition, no other actors will be able to gain useful information from the bluetooth pings, they simply forward the encrypted data to Apple. All they can tell is that an Apple device exists nearby, but not who owns it or if they've seen the same device before.
If you're talking about apps on your phone tracking you by looking at nearby wifi networks, then Apple also fixes that in iOS 13.
erikpukinskis | 6 years ago
Is trespassing to retrieve stolen property still trespassing?
crazygringo | 6 years ago
Am I missing something here?
Slippery_John | 6 years ago
* I lost the phone hiking somewhere with no signal
* I lost the phone / it was stolen while in airplane mode
* I lost the phone while traveling abroad without any local service
This finding service will work for Wi-Fi-only iPads, Wi-Fi-only Apple Watches, and MacBooks in addition to the likely tracking tokens.
taneq | 6 years ago
It could have an X-hour "deadman timer" after which if it still hasn't successfully phoned home and been told it's not lost, it starts pinging?
MBCook | 6 years ago
It would be useful for those.
graton | 6 years ago
https://www.milwaukeetool.com/OneKey
Basically anyone who runs the Milwaukee One Key app will watch for signals from tools and other devices with the One Key transmitter and upload the location. So if your tool is stolen and comes within range of someone running the One Key app the location should get uploaded.
Scaevolus | 6 years ago
https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...
m463 | 6 years ago
I would like 100% passive Bluetooth (and Wi-Fi, and NFC).
imhoguy | 6 years ago
Lassie's help needs to have some limits, otherwise it may quickly drain batteries or mobile plans, especially when roaming.
berbec | 6 years ago
1: https://support.apple.com/en-us/HT208086
xvector | 6 years ago
Absolutely not true. This is E2EE. This is the whole point of the article.