New research has demonstrated a new exploit that enables arbitrary data to be uploaded from devices that are not connected to the Internet by sending “Find My” Bluetooth broadcasts to nearby Apple devices that then upload the data for you. Apple’s encryption protections mean that not only does Apple not know which public keys belong to a specific lost device or AirTag, it also doesn’t have any knowledge of which location reports are intended for a specific user. The research builds on a previous analysis by TU Darmstadt published in March 2021, which disclosed two distinct design and implementation flaws in Apple’s Bluetooth location tracking system.
Source: https://thehackernews.com/2021/05/apples-find-my-network-can-be-abused-to.html