Threat actors could leverage Apple's "Find My" location network used for locating lost Apple devices to facilitate the exfiltration of keylogger-stored information, BleepingComputer reports.
Positive Security researchers who developed a proof-of-concept hardware device integrating an ESP32 Bluetooth transmitter-equipped keylogger into a USB keyboard discovered that any keyboard-inputted data could be transmitted using the Find My network. Such an attack, which is significantly stealthier than WLAN keyloggers and Raspberry Pi devices due to Bluetooth transmission, also does not require an AirTag for the keylogger to function, according to the study reported on Heise.
The findings also showed 26 characters per second transmission rate and 7 characters per second reception rate for the PoC attack, which was also noted to have latency ranging from a minute to an hour based on Apple device coverage near the keylogger.
Apple has yet to respond to queries regarding the PoC attack leveraging its "Find My" location network.
