It feels like that can be exploited in some ways. As a first thought it reduces the privacy of the reporting 3rd party phone. I.e. I can leave a fully charged phone in my wife’s car and track her for weeks while she will have the burden to recharge her phone for network/gps power.
A regular gps tracker would need much more energy.
Edit: another scenario, leave it in an isolated hut. If I get a signal, someone is close to the hut.
Edit 2: if I piggy back the protocol and can manipulate the key schedule (chose key A or B) then I can leak one bit of information through the third party phone. The third party phone may be allowed to communicate while my sender isn’t.
Another scenario, leave it in an isolated hut. If I get a signal, someone is close to the hut.
You could do that already with a device, just by making an app that listens for Bluetooth or WiFi traffic. You’d also be able to grab MAC addresses of the nearby phones. Your ‘exploit’ isn’t revealing any more than you can already discover today.
If there’s internet connectivity, and you’re sophisticated enough to be planning Find My iPhone based booby traps, firing off a text message from a contained detector shouldn’t be a challenge
Anecdotally: a friend of mine left his iPad in his wife’s car. When looking for through Find My iPhone, he realized that she’s at her ex-boyfriend’s place. He is married happily to another wife now...
You can already do this with a Tile. Leave a Tile in your wife's car and every phone with the Tile app in her vicinity will report her location to you.
So effectively none. I've never even heard of Tile before this. Leveraging the whole Apple ecosystem for this sounds a lot more promising and will probably kill any competitor that depends on installing an app, even if that supports multiple platforms.
This mechanism is very low power, and it allows making tiny devices that can be used for tracking suspects. Maybe this is actually why they made it (someone asked if they could make it).
Edit: Maybe Apple will introduce tiny key fobs that can be tracked so you can find your keys or other things.
I was wondering why they changed the name, I mean "Find My iPhone" could already find macbooks and ipads but now it sounds like they're going much broader than Apple devices.
That only works if the devices report WHO saw the missing device. If they both report up that the device is in the area ask but don’t say who is making the report then you can’t figure that out.
Apple sees the reporting device’s ip-address. Obviously Apple is in an excellent position to spy you anyway, but the claim that even Apple doesn’t know where the turned off device is doesn’t hold for the reporting devices: Apple can infer which reporting devices are in proximity.
And they possibly even know who the reporting IP is because of iCloud.
But reporting device A and B were in Bluetooth distance to lost device C. Therefore A and B were close together (like a few meters). It’s a huge improvement over A and B were in the same mobile cell.
You can then use the IPs to identify who are A and B.
If you have a subpoena to sniff data to Apple from device X then you can use that to some extent track the location of X by spreading your Tags T_1,...,T_n in interesting places. If X reports T_i you know the location of X, this could be more precise than the usual cell phone tracking because X reports its position with GPS precision.
How long can one plausibly leave a phone in someone's car, asking for location updates the entire time, while claiming not to remember leaving it there?
"I lost it under the seat"?
And the point is it's not actively asking for location updates, which would drain battery. You just leave it with cellular off and it sends the standard Find My pulse over Bluetooth.
A regular gps tracker would need much more energy.
Edit: another scenario, leave it in an isolated hut. If I get a signal, someone is close to the hut.
Edit 2: if I piggy back the protocol and can manipulate the key schedule (chose key A or B) then I can leak one bit of information through the third party phone. The third party phone may be allowed to communicate while my sender isn’t.