The Send My exploit can use Apple s locator service to collect and send information from nearby devices for later upload to iCloud servers. Once connected to the internet, the receiving device can then forward the data to an attacker-controlled Apple iCloud server. The method could be used to build a network for internet-of-things sensors or to deplete people’s mobile-data plans over time. The exploit is based on previous research from a team with Technical University of Darmstadt in Germany, who had already reverse-engineered Apple’s Find My network to develop a tool.
Source: https://threatpost.com/apple-find-my-exploited-bluetooth/166121/