
How does Apple privately find offline devices? - kandarpck
https://blog.cryptographyengineering.com/2019/06/05/how-does-apple-privately-find-your-offline-devices/
======
RosanaAnaDana
Total aside, but kinda relevant.

I lost my phone like a dufus about two weeks ago. Battery died and I had no
idea where it was. When I pulled my Google location history, it was too
coarse to tell me anything other than 'at your house'. However, I was able to
pull the raw data from Google and post-process it by time stamp into a series
of rasters that were fine enough for me to see that the phone was definitely
in the bedroom/bathroom area. After processing my data, finding my phone took
all of a minute.

~~~
mehrdadn
This is interesting. By the raw data you mean from Google Takeout, or
something else? Did you have to filter/smooth the data points?

~~~
machinesmachine
Also interested. Could you describe the process?

~~~
RosanaAnaDana
Sure. I pulled my data in the standard takeout.google.com/ process. The result
is a JSON (? iirc). I parsed the JSON into x, y, and rasterized it using GDAL.

[https://imgur.com/a/ZhyTsDV](https://imgur.com/a/ZhyTsDV)

See I wasn't sure if I lost it in the couch in the living room, the office, or
the bedroom. This got me within a few feet.

~~~
crazygringo
That's amazing, so cool.

Is that something Google's not doing with the data, but could? (E.g. they
don't because their maps don't show most houses precisely enough or whatever,
so it wouldn't be useful?)

Or is it relying on the fact that you are triangulating or similar from the
known exact position of your WiFi routers or similar down to the inch, and
Google doesn't have any way of knowing that?

~~~
Phlarp
Or they do and have internally assessed that it would be too creepy to provide
to users, but are happily using it to better target advertising.

~~~
HALtheWise
Or they have decided that it's too creepy to use at all, so they don't use it
for targeted advertising. Seriously, why does everyone assume that companies
are evilly cackling in volcano lairs? They know that violating user trust is
really expensive and a bad idea.

By the way, I'm pretty sure I've seen that Google's advertising targeting is
only allowed to use "neighborhood level" location, which is designed to be
coarse enough to not allow specifying individual people.

~~~
inetknght
On the other hand, if the information is aggregated to a final answer, why is
the data then kept? What if the _wrong people_ get ahold of the more sensitive
information _because_ the data was kept beyond its useful life?

~~~
eitland
In their defense: it is perfectly fine _with me_ to keep my location data, so
I can download it later and do cool and/or useful things with it as long as

- it is opt in,

- it can be deleted by me,

- it is not given to anyone else.

For all my trashing of Google lately (check my comment history) I actually
expect and believe them to defend my raw data in a way that few others are able
to. It all boils down to incentives:

- as long as they keep the data between them and me they can sell targeted
ads again and again. If the data leaks then others can skip the middle man.

- as long as they keep their reputation as nice guys that is an immense
advantage.

Now this might of course be changing, so everyone should consider if they
personally trust this arrangement going forward:

- it seems some part of the organization is tightening the screws around the
Chrome team to squeeze out more revenue.

- if the data is available there is always the risk of attacks, both cyber
attacks as well as legal attacks.

~~~
GeekyBear
Describing Google's data collection practices as "opt in" is a bit generous.

>In going through a set of privacy popups put out in May by Facebook, Google,
and Microsoft, the researchers found that the first two especially feature
“dark patterns, techniques and features of interface design mean to manipulate
users…used to nudge users towards privacy intrusive options.”

[https://techcrunch.com/2018/06/27/study-calls-out-dark-patte...](https://techcrunch.com/2018/06/27/study-calls-out-dark-patterns-in-facebook-and-google-that-push-users-towards-less-privacy/)

~~~
eitland
> Describing Google's data collection practices as "opt in" is a bit generous.

Maybe it is not clear but I was talking about location history.

At least I think I had to opt in to that at some point.

~~~
GeekyBear
Location history is one of the areas where Google has employed dark patterns.

For example:

>Ways that Google tricks users into sharing location

Android users are pushed through a variety of techniques:

Deceptive click-flow: The click-flow when setting up an Android device pushes
users into enabling “Location History” without being aware of it.

Hidden default settings: When setting up a Google account, the Web & App
activity settings are hidden behind extra clicks and enabled by default.

Misleading and unbalanced information: Users are not given sufficient
information when presented with choices, and are misled about what data is
collected and how it is used. Information about location data being used for
advertising, for example, is hidden away behind extra clicks.

Repeated nudging: Users are repeatedly asked to turn on “Location History”
when using different Google services even if they decided against this feature
when setting up their phone.

Bundling of services and lack of granular choices: If the user wants features
such as Google Assistant and photos sorted by location, Google turns on
invasive location tracking.

[https://www.forbrukerradet.no/side/google-manipulates-users-...](https://www.forbrukerradet.no/side/google-manipulates-users-into-constant-tracking)

More alarmingly, when users attempted to turn off location tracking:

>In a wonderfully clear example of “dark patterns” designed to mislead users
and retain control over their data, Google continues tracking your location
even when you turn off Location History and are told that “the places you go
are no longer stored.” Google says it tells users, but its disclosure is the
bare minimum and users are discouraged from further interference with data
collection.

[https://techcrunch.com/2018/08/13/google-keeps-a-history-of-...](https://techcrunch.com/2018/08/13/google-keeps-a-history-of-your-locations-even-when-location-history-is-off/)

------
zed88
Well...a bit off topic but kind of relevant.

My car got broken into and my iPad nicked. I was able to locate that, however,
the cops here in NZ were really unhelpful.

They said the GPS location wouldn't be sufficient for a search warrant as they
have had many cases of false positives.

I said I would give the SSID and IP address of their wifi network, but even
then they wouldn't agree to a raid.

It was only when the thief (who was a minor) took the pic of his family
member, which I then furnished to the police (via iCloud), they could do
something.

Wondering what good technology is, if the law takes a while to catch up, well,
at least here in NZ.

~~~
erikpukinskis
Legally could you go get it, and in the resulting skirmish perhaps attract the
attention of the police?

Is trespassing to retrieve stolen property still trespassing?

~~~
sapphire_tomb
This reminds me of a (probably apocryphal) story a South African friend of
mine told me once about the state of policing down there in the late nineties
/ early noughties.

The story goes that a man wakes up in the middle of the night to the sound of
burglars looting his garage. Given the occurrences of aggravated robberies in
SA at the time, often involving guns, he didn't want to confront the
miscreants himself, and so called his local police department.

Apparently since no actual violence had been done at this point, the
police-person to whom he was speaking claimed that they had no free units to
come and attend, and that they'd send a car round in the morning to collect
evidence. At this point the call ended.

The man who was being burgled was understandably unimpressed with this,
thought about what he could do, and then rang the police back.

"Don't worry about the burglars here. I shot them," he says.

Within minutes his house is surrounded by police cars, and the burglars are
under arrest.

The commander of the responding officers says to the man "I thought you said
you shot them?"

The man replies "I thought you said you had no units free?"

~~~
neuronic
With the gist of the story being that "no units free" actually means "no
units free _to prioritize a burglary_", or what?

An active shooting incident would certainly reshuffle the prio list...

------
crazygringo
Can this be used as essentially 100% effective anti-theft?

If an Apple device is constantly emitting a BLE beacon code that can't
effectively be changed in any way by a thief...

...then unless a thief keeps the device in their basement and never has
anybody visit, your stolen device will almost certainly be detected sooner or
later, and then you just call the police?

Even if the thief has sold it by that point and disappeared, if local law
means the stolen good reverts to you, then people would quickly learn never to
purchase any phone there's even a chance of having been suspiciously acquired.

Am I missing something here?

~~~
kccqzy
Thieves already know that stolen iPhones are usually not operable. Even with
the old Find My iPhone, even after the device has been wiped, only the
original owner can activate it again. So these stolen phones are usually
broken down, with parts sold separately.

~~~
president
They are getting smarter. A family member had their phone stolen and Find My
iPhone reported that the phone was off for months and so she gave up
searching. One day, she got a text on her new phone saying "Find my iPhone has
found your phone, click here to login to Find my iPhone". It turned out to be
a phishing page for her AppleID credentials. She fell for it and I'm assuming
the thieves were able to finally get into her phone. To this day I have no
idea how they were able to get her phone number. From the SIM maybe?

~~~
rampant_ai
> To this day I have no idea how they were able to get her phone number

Guessing here but maybe using "emergency call" and another phone to get the
caller ID?

~~~
dewey
How would that work? I thought you can only call emergency numbers from that
mode?

------
ShakataGaNai
The problem I see with this is that your phone _always_ has to be broadcasting
the BLE beacon, regardless of whether it is lost or not. Otherwise it could
randomly end up lost in a place with poor/no service... and would never be
found.

For phones, how often is this really an issue? Sure, this is useful for the
Tile type "dumb" devices... but if my phone has no cell or data service...
it's probably because the battery is dead.

~~~
ladberg
Complete speculation here, but I wouldn't be surprised if devices could keep
broadcasting the ping after they're "dead". Tiles last for years without
charging, so I bet if Apple can leave on only the bluetooth beacon after the
battery drains past where it can power the rest of the phone then this would
be doable.

Again complete speculation, I have zero clue if the current hardware is even
capable of doing this.

~~~
snazz
The current hardware might not be, but you could run this on a secondary chip
similar in specs to the T2 or Secure Enclave. You could theoretically even
have a second battery specifically for this purpose, but that would likely be
cost-prohibitive.

~~~
etaoins
The T2 chip is a derivative of the A10. It has similar power requirements to
the SOC in modern iPhones.

They could probably use a cut down derivative of the W2 chip used in AirPods
with the audio codec etc. removed. I’m guessing phone batteries reach a point
where they’re still storing energy but can’t provide enough current to safely
boot the whole phone. The BLE chip could sip on the remainder of the battery
for a long time.

~~~
snazz
That sounds reasonable. I had no idea the T2 was that powerful.

~~~
Phlarp
It's also the SSD controller, and quite impressive in that regard.

~~~
photojosh
I bet the T3, whenever that arrives, will be a derivative of the A12 or A13,
and provide the neural network accelerator to MacOS and CoreML.

~~~
Phlarp
This would be excellent. I'm hesitant about the prospect of an ARM based
macbook, but having both seems mighty compelling. As a lower power application
CPU for light usage, or a full x86 with accelerators / co-processors when
needed.

------
graton
Milwaukee Tools (and possibly others) do something similar. Not sure about the
privacy part though.

[https://www.milwaukeetool.com/OneKey](https://www.milwaukeetool.com/OneKey)

Basically anyone who runs the Milwaukee One Key app will watch for signals
from tools and other devices with the One Key transmitter and upload the
location. So if your tool is stolen and comes within range of someone running
the One Key app the location should get uploaded.

~~~
snarf21
Tile meshes the same way.

------
Skunkleton
> generate the list of pseudonyms from a single short “seed” that both Timmy
> and Ruth will keep a copy of. This is nice because the data stored by each
> party will be very small. However, to find Timmy, Ruth must still send all
> of the pseudonyms — or her “seed” — up to Apple, who will have to search its
> database for each one.

I would imagine something along the lines of TOTP would provide a better
mechanism here. There would be no need to scan a whole list of pseudonyms, and
the BLE would rotate the identifier it transmits frequently. The Lassie device
can include GPS timestamps when it reports the device to Apple.

------
SlowRobotAhead
>can use a single [private] key regardless of which randomized version of her
public key was used to encrypt.

I have not seen this before. Trying to wrap my brain around how this works. In
terms of ECC I thought public and private were a single pair. Can anyone
explain what is going on with public key randomization?

~~~
Scaevolus
You can derive a new public key from someone's ECC public key, and they can
derive the corresponding private key by applying the same transformation. It's
somewhat magical! I wouldn't be surprised if Apple is using a scheme based on
this instead of ElGamal, they already use ECC extensively.

[https://github.com/bitcoin/bips/blob/master/bip-0032.mediawi...](https://github.com/bitcoin/bips/blob/master/bip-0032.mediawiki#conventions)
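
An added example, not code from this thread or from BIP-32 itself, of the additive derivation described above: a per-index tweak t_i is hashed from the public key and a shared "chain code" (the BIP-32 unhardened construction), anyone holding P can form P_i = P + t_i*G, and only the holder of d can form the matching d_i = d + t_i mod n. The curve constants are secp256k1's; the private key and chain code in the demo are constructed values, and the chain-code name follows BIP-32.

```python
import hashlib
import hmac

# secp256k1 domain parameters (the curve used by the BIP-32 document linked above).
P_MOD = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEFFFFFC2F
N_ORDER = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
G = (0x79BE667EF9DCBBAC55A06295CE870B07029BFCDB2DCE28D959F2815B16F81798,
     0x483ADA7726A3C4655DA4FBFC0E1108A8FD17B448A68554199C47D08FFB10D4B8)
INF = None  # point at infinity

def ec_add(p, q):
    """Affine point addition on y^2 = x^3 + 7 over GF(P_MOD)."""
    if p is INF:
        return q
    if q is INF:
        return p
    x1, y1 = p
    x2, y2 = q
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return INF  # p == -q
    if p == q:
        lam = 3 * x1 * x1 * pow(2 * y1, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    y3 = (lam * (x1 - x3) - y1) % P_MOD
    return (x3, y3)

def ec_mul(k, p):
    """Double-and-add scalar multiplication k*p."""
    result, addend = INF, p
    while k:
        if k & 1:
            result = ec_add(result, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return result

def tweak(pubkey, chain_code, index):
    """t_i = HMAC-SHA512(chain_code, compressed(P) || i)[:32], reduced mod n.
    (BIP-32 rejects the negligibly rare value >= n instead of reducing it.)"""
    x, y = pubkey
    compressed = bytes([2 + (y & 1)]) + x.to_bytes(32, "big")
    mac = hmac.new(chain_code, compressed + index.to_bytes(4, "big"), hashlib.sha512)
    return int.from_bytes(mac.digest()[:32], "big") % N_ORDER

def derive_pub(pubkey, chain_code, index):
    """Anyone holding P and the chain code can compute P_i = P + t_i*G."""
    return ec_add(pubkey, ec_mul(tweak(pubkey, chain_code, index), G))

def derive_priv(privkey, chain_code, index):
    """Only the holder of d can compute d_i = d + t_i (mod n)."""
    t = tweak(ec_mul(privkey, G), chain_code, index)
    return (privkey + t) % N_ORDER

def check_pair(privkey, chain_code, index):
    """True iff the separately derived d_i and P_i form a valid key pair."""
    pubkey = ec_mul(privkey, G)
    return ec_mul(derive_priv(privkey, chain_code, index), G) == derive_pub(pubkey, chain_code, index)

if __name__ == "__main__":
    # Constructed sample key and chain code (not real key material).
    d = 0x1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF1234567890ABCDEF
    cc = b"constructed-chain-code"
    for i in range(3):
        print(i, hex(derive_pub(ec_mul(d, G), cc, i)[0]), check_pair(d, cc, i))
```

The privacy consequence is the flip side of the convenience: whoever holds P together with the chain code can compute every P_i and so link them all back to one owner, which is why the tweak inputs must stay with the owner in a scheme like the one the article sketches.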

~~~
snarf21
Interesting, I hadn't thought of using the techniques of deterministic
cryptocurrency wallets to solve this problem. I need to read more about
exactly how they work.

It is also easy to solve this simply using ECC and ECDH. I just wrote a scheme
on the board in the office. It might have slightly larger data payload than
the deterministic wallets approach.

------
ryanmarsh
I designed a similar system a few years back to provide proof-of-presence.
Imagine a blockchain of devices at locations (an alibi, let's say). All devices
are miners and only devices in your vicinity (think BLE) can "confirm"
"transactions" (your presence) on the chain.

As with anything public + blockchain it had all the cryptoeconomic incentive
problems you would expect and I never solved them.

Finding a lost device has much lower stakes than proving an alibi in court so
I see how this model would work.

------
freen
This sounds like the perfect infrastructure for a trusted, encrypted P2P mesh
network.

------
mjlee
A potential concern - does this system implement forward secrecy? Is that even
possible?

The threat I'm thinking of is some organisation that is able to crack the
private key at some point in the future and therefore able to work out where
you have been in the past.

Of course, the phone's location in the recent past is exactly what this system
is designed to produce. Would it be possible to rekey the connection on a
regular/opportunistic basis?

------
zone411
Tile has quite a few patents in this area:
[http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=H...](http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO2&Sect2=HITOFF&p=1&u=%2Fnetahtml%2FPTO%2Fsearch-bool.html&r=0&f=S&l=50&TERM1=tile&FIELD1=ASNM&co1=AND&TERM2=&FIELD2=&d=PTXT)

------
sebazzz
Can the signal be jammed? Or simply put the stolen device in a metal box.

As for the tracking: I really like the idea. However, in my country finding
your device isn't the issue, it is getting it back that's the problem. Police
won't go and enter the particular house where your device is.

~~~
ascorbic
I'm not sure how useful a device is that has to be kept in a metal box at all
times.

~~~
justwalt
My new startup: Faraday gloves

------
antpls
Nice article, and also a nice application of cryptography. I hope Google and
Apple will both compete and challenge each other on inventive ways to
defend people's privacy, both at the hardware and software levels.

------
m463
Can we turn this off? please?

I would like 100% passive bluetooth. (and wifi, and nfc)

~~~
Xylakant
How is that going to work? All communication that you initiate must be active.
The only passive option would be broadcasts like TV or radio stations, but
that’s not particularly useful if you want to view a specific website.

~~~
berbec
NFC is passive until powered by an external signal. It's very short range, but
it does not require internal power. There could be a longer range version at
some point.

~~~
Xylakant
Yes, but an NFC tag cannot initiate a connection of its own volition. And
that's very much a feature I like in WiFi: I can actively start downloading
something. A WiFi card that only responds to an external ping is useless.

~~~
m463
I think what berbec is saying is maybe you can locate an NFC device that has a
depleted battery.

That said, I don't know if apple NFC works that way. Apple can use NFC to read
nearby NFC tags, and possibly become an NFC tag, but I don't know if it can
respond in a static way without power.

------
imhoguy
I see lots of poor Lassies in airports, conferences and generally in crowded
places. Not even mentioning flood or replay attacks.

Lassie's help needs to have some limits otherwise it may quickly drain
batteries or mobile plans especially in roaming.

~~~
randyrand
"Apple's recommended setting of 100 ms advertising interval with a coin cell
battery provides for 1–3 months of life, which increases to 2–3 years as
advertising interval is increased to 900 ms."

iPhones have about a 10X larger battery than that. So iPhones can do this for
~20-30 years if configured correctly.

~~~
ryanmarsh
If I'm not mistaken the normal self-discharge rate for a phone's lithium ion
battery will exceed the maintenance of BLE advertisement.

------
shitals
TLDR; The idea of the new system is to turn Apple’s existing network of
iPhones into a massive crowdsourced location tracking system. Every active
iPhone will continuously monitor for BLE beacon messages that might be coming
from a lost device. When it picks up one of these signals, the participating
phone tags the data with its own current GPS location; then it sends the whole
package up to Apple’s servers.

------
kohtatsu
The post is speculation; perhaps s/does/might/ or s/does/could/ in the title.

~~~
Fnoord
The title is a question. Which is why it ends with a question mark. The article
attempts to answer the question with theories. The article isn't written by
Joe Random; it is written by Matthew Green who teaches cryptography at John
Hopkins university.

~~~
helper
Johns* Hopkins.

------
RIMR
Okay, so this would make it insanely easy to stalk any iPhone user.

1. Get BLE tracking tags, and register them with Find My.

2. Covertly attach the BLE tracking tags to things your target owns
(backpacks, cars, bikes, etc).

3. You constantly get updates on your tags' locations via their iPhone and
other iOS devices near the BLE tag(s). This gives you their approximate
location and movement history, facilitated primarily through their own iPhone
and data plan.

~~~
dmitrygr
I have no idea how the FindMy BLE system works, but I strongly suspect that
the cheapest compatible "tag" you will find will be an iPhone. Might get a
tad expensive to do this...

~~~
bdcravens
The potential of low cost tags is in the first paragraph, and an overview of
how the system would work is in the second. My takeaway is that you will be
able to use something far cheaper than an iPhone.

~~~
dmitrygr
Cheap BLE tags do NOT use fancy rotated private keys or anything of the like.
At best they use BLE privacy mode. That is as private as the spec gets.

Source: worked on Bluetooth for years

------
JohnFen
> The good news is that Apple claims that their system actually does provide
> strong privacy, and that it accomplishes this using clever cryptography.

But that does nothing to protect your privacy against Apple.

I already have to make sure that I disable WiFi and Bluetooth when I enter
commercial establishments. Now I have to stop using Bluetooth whenever I leave
my house?

~~~
ladberg
Why do you do that? All Apple devices generate randomized MAC addresses for
networks that they haven't connected to, so they shouldn't be able to track
you. In addition, no other actors will be able to gain useful information from
the bluetooth pings, they simply forward the encrypted data to Apple. All they
can tell is that an Apple device exists nearby, but not who owns it or if
they've seen the same device before.

If you're talking about apps on your phone tracking you by looking at nearby
wifi networks, then Apple also fixes that in iOS 13.

~~~
honopu
Did not know this. I figured all those wifi connections I get near stoplights
were slurping up mac addresses to track people. I wonder if it generates a mac
address every single time or just upon first interaction with a wifi network
it doesn't know about?

~~~
gervase
Apparently the initial implementation (iOS 8) randomized it every time the
screen sleeps or wakes. I wasn't able to find any recent documentation
detailing the current behavior - probably similar?

~~~
Operyl
Beginning at the top of page 41:
[https://www.apple.com/business/site/docs/iOS_Security_Guide....](https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf)

```
iOS uses a randomized Media Access Control (MAC) address when conducting
Wi-Fi scans while it isn’t associated with a Wi-Fi network. These scans could
be performed in order to find and connect a preferred Wi-Fi network or to
assist Location Services for apps that use geofences, such as location-based
reminders or fixing a location in Apple Maps. Note that Wi-Fi scans that
happen while trying to connect to a preferred Wi-Fi network aren’t randomized.

.... [continues with all the cases]
```

