AirTags — Are They Private & Secure?

AirTags — what are they, where are they, when will we get them, but much, much more importantly, how will they work… I mean, exactly, crucially, critically, when it comes to protecting our security and privacy?

Picture it. It’s March or maybe September, whenever Apple thinks enough of us are going out into the world again. You unbox your brand-new AirTags. Simple, elegant, little quarter-sized disks that you can use to put pretty much anything on Apple’s Find My network. The same network that currently powers Find My iPhone, Find My Mac, and more.

Your iPhone immediately detects them, and you see the pairing interface slide right on up. Animated as always. Just like AirPods. Tap to connect and done.

But what you don’t see, not at all, is that at that very moment, your iPhone generates an elliptic curve P-224 key pair, a private key and its matching public key, plus a 256-bit secret that works as a symmetric key, and stores all of it in your iCloud Keychain. That’s Apple’s built-in secrets store, the same one used for accounts and passwords. Then iCloud syncs those keys to all your other Apple devices, end-to-end encrypted, the same way health data and other sensitive information gets synced, so Apple’s servers never get to see the private key.

And this is exactly the kind of tech I explain on this channel all the time, so if you’re into it, hit that subscribe button and bell and let’s make this community grow.

Then… then… you put your new AirTag into a keychain case, sold separately, because of course it is, attach it to your house keys, and then just go about living your 2021 life. You know, the second Matrix sequel of years.

Then, maybe in a few days or a week, you double mask up and make a zombie apocalypse-style supply run to the local Quicky Mart, the post office, maybe Big Belly Burgers for some take out, before heading home again, only to discover you’ve lost your house keys.

But, instead of cursing, retracing all your steps, wasting the rest of the day as penance for your folly, you simply fire up the Find My app on your iPhone, swipe past devices and Friends, land on the AirTags page, see exactly where you left your keys, and go get them.

And that works because your AirTags have been broadcasting on Bluetooth Low Energy. Just stealthily, silently, pinging away. Yes, one ping only, at least at a time. They’re not just tags, they’re Find My beacons. Pinging away.

And that ping carries a public key, never your secret. Because it’s P-224, that public key is 28 bytes, which fits ever so nicely inside the 31-byte advertising payload of a standard Bluetooth Low Energy packet.

And because it’s Bluetooth, it doesn’t matter that the AirTag isn’t on Wi-Fi or a cellular network. It doesn’t need to get onto the world wide internet. It’s just raising its electromagnetic hand locally. Hyper locally. Within Bluetooth range.

So, wait, if it isn’t on the ‘net, how will you find it? I’ll get to that in a roasting hot minute.

But because it’s Low Energy, it’s also going to have minimal impact on battery life. Which is good. Because a dead AirTag would be much harder to find.

And, even though your AirTag is pinging away like the Red October, it’s being really clever and stealthy about it.

It takes your secret and, every 15 minutes, ratchets it forward through a one-way key derivation, so this interval’s secret can’t be turned back into the one before it. From that interval’s secret it derives a fresh public key, and that derived public key is what actually goes out in the ping. Each interval’s key looks completely unrelated to the last one, so the pings can’t be linked to each other, or back to your long-term key, by anyone who doesn’t hold the secret.

To ridiculously over simplify it, it’s like taking the letters of your name, adding all the letters that spell out the time, shaking them all together, then wrapping them up in a new rando lock-box every 15 minutes, and throwing the box into a lake filled with other boxes that are also changing, seemingly at random, every 15 minutes.

You know your name and you have the key to the box and can find it, but good luck to anyone else trying to break in and use it to find you.

And yes, there are still potential security concerns here, and I’ll get to them, but, effectively, this also means that once the world stops ending and we’re all out and about all the time again, shopping malls won’t be able to use the AirTags to log you as you go from store to store, not for longer than 15 minutes, and no one can use it to track your location for anything longer than that either. Not in any place where there’s any density of Bluetooth activity.

But, because most places do have Bluetooth activity, and plenty of it, that’s how the actual Find My part… finds.

When someone else, anyone else, with an Apple device comes within Bluetooth range of the AirTag attached to your house keys or whatever, and they’ve also opted in to the Find My network, they become what’s called a finder.

Then their device, let’s say it’s an iPhone, will pick up the ping, the derived public key being broadcast by your AirTag, and let Apple know it’s been found. The finder encrypts its current location to that public key using an Elliptic Curve Integrated Encryption Scheme (ECIES), hashes the public key with SHA-256 to make a lookup index, and relays the index and the encrypted location to Apple.

So, what Apple ends up storing in that lookup table is a hash of a rotating public key and an encrypted location blob. Not the location itself, and not anything tied to you.

Now, your identity remains private because the public key doesn’t contain anything about it. It’s just a pseudo-random blob of data. So, the finder has no way of knowing who you are just because they came within range of your AirTag or house keys.

And because this is all happening behind the scenes, the finder doesn’t even know they’re relaying any information to Apple or maybe even that your house keys are there. Not unless they stumble on them completely separately from the Find My system.

And if you’re the finder, you don’t have to worry about your privacy either. The location data comes from your iPhone using typical location services — Wi-Fi router mapping, cellular triangulation, assisted GPS — but nothing aside from the location is sent. Nothing that says you’re the one at that location. Nothing to ID you at all. It’s not that you could literally be anyone. You’re no one. As far as the data is concerned, you don’t exist. No one was ever there.

Also, because it’s Bluetooth LE, and because of things like network coalescence, which basically just means Find My waits to relay the data until the processor and modem are waking up anyway, like to check for messages, there’s very little impact on the finder’s iPhone battery life either. Even if it’s constantly, passively, picking up pings. Just like it would be from AirPods, Apple Watch, AirDrop, or other accessories or features anyway.

And, the Find My network is opt-in. Which means no one has to be a finder and relay AirTags data if they don’t want to. Though the more people that do opt-in literally the better for everyone.

The relay is encrypted from the finder’s device to Apple, so even if somebody bothered to eavesdrop on it, all they’d get is that pseudo-random blob. And since the location was encrypted to your derived public key, and only your devices hold the matching private key, Apple can’t read the blob either. Not which tag it belongs to, not what time, and not where. All Apple can do is store the reports as they come in, filed under the hashed index.

But, once you realize you’re missing your keys and you go into the Find My app to… find them… your iPhone pulls that AirTag’s keys from iCloud Keychain, replays every 15-minute interval since you last had them, regenerating each interval’s public key and SHA-256 lookup index, and asks Apple’s servers for any reports filed under those indexes.

If there are any, Apple sends them down, again encrypted in transit between its servers and your iPhone so no one can listen in, and then your iPhone uses the matching derived private keys to decrypt them and show you where your AirTag has been, and when.
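To make that whole round trip concrete, pairing, the 15-minute ratchet, the ping, the finder’s encrypted report, and the owner’s lookup, here is an added example in plain Python (standard library only). It is not Apple’s code and not from this post. The shape of the key schedule, a secret ratcheted each interval, scalars (u_i, v_i) derived from it, P_i = u_i·P + v_i·G on the tag and d_i = u_i·d + v_i on the owner, follows Apple’s published description of offline finding; everything else is this example’s own choice and should be read as an assumption: the HMAC-SHA256 counter-mode KDF and its labels, the XOR-keystream-plus-HMAC data encapsulation standing in for the cipher half of ECIES, the report layout, and the constructed location string.

```python
import hashlib, hmac, os

# NIST P-224 domain parameters (FIPS 186-4); points are affine (x, y), None = infinity.
P = 2**224 - 2**96 + 1
A = P - 3
B = 0xB4050A850C04B3ABF54132565044B0B7D7BFD8BA270B39432355FFB4
G = (0xB70E0CBD6BB4BF7F321390B94A03C1D356C21122343280D6115C1D21,
     0xBD376388B5F723FB4C22DFE6CD4375A05A07476444D5819985007E34)
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFF16A2E0B8F03E13DD29455C5C2A3D  # order of G

def ec_add(p1, p2):
    if p1 is None: return p2
    if p2 is None: return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P == 0: return None
    lam = ((3 * x1 * x1 + A) * pow(2 * y1, -1, P) if p1 == p2
           else (y2 - y1) * pow(x2 - x1, -1, P)) % P
    x3 = (lam * lam - x1 - x2) % P
    return (x3, (lam * (x1 - x3) - y1) % P)

def ec_mul(k, pt):  # double-and-add; not constant time, fine for a demo, not for a real tag
    acc = None
    while k:
        if k & 1: acc = ec_add(acc, pt)
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def mod_sqrt(n):  # Tonelli-Shanks; P is 1 mod 4, so the (P+1)/4 shortcut does not apply
    q, s = P - 1, 0
    while q % 2 == 0: q, s = q // 2, s + 1
    z = 2
    while pow(z, (P - 1) // 2, P) != P - 1: z += 1
    m, c, t, r = s, pow(z, q, P), pow(n, q, P), pow(n, (q + 1) // 2, P)
    while t != 1:
        i, t2 = 0, t
        while t2 != 1: t2, i = t2 * t2 % P, i + 1
        b = pow(c, 1 << (m - i - 1), P)
        m, c, t, r = i, b * b % P, t * b * b % P, r * b % P
    return r

def kdf(key, label, n):  # HMAC-SHA256 counter mode; the labels used below are this example's choice
    return b"".join(hmac.new(key, label + bytes([i]), hashlib.sha256).digest()
                    for i in range((n + 31) // 32))[:n]
def scalar(raw):  # map random bytes into [1, N-1]
    return int.from_bytes(raw, "big") % (N - 1) + 1
def pair_tag():  # pairing: P-224 key pair {d, P} plus a 256-bit secret SK0, kept in iCloud Keychain
    d = scalar(os.urandom(32))
    return {"d": d, "P": ec_mul(d, G), "SK": os.urandom(32)}
def ratchet(sk):  # the 15-minute step SK_i = KDF(SK_{i-1}); one-way, so SK_i never reveals SK_{i-1}
    return kdf(sk, b"update", 32)
def diversify(sk):  # per-interval scalars (u_i, v_i) from SK_i
    uv = kdf(sk, b"diversify", 72)
    return scalar(uv[:36]), scalar(uv[36:])
def tag_public_key(sk, pub):  # tag side: P_i = u_i*P + v_i*G, needs only SK_i and the public key P
    u, v = diversify(sk)
    return ec_add(ec_mul(u, pub), ec_mul(v, G))
def owner_private_key(sk, d):  # owner side: d_i = u_i*d + v_i, and d_i*G == P_i
    u, v = diversify(sk)
    return (u * d + v) % N
def advertisement(pub_i):  # the BLE ping: the 28-byte x-coordinate of P_i, nothing identifying in it
    return pub_i[0].to_bytes(28, "big")

def finder_report(adv, location):
    """Finder: lift x to a point, ECIES-encrypt the location to it, index the blob by SHA-256(adv).
    Either square root works: e*(-P_i) has the same x as e*P_i, so both sides agree on the secret."""
    x = int.from_bytes(adv, "big")
    pub_i = (x, mod_sqrt((x**3 + A * x + B) % P))
    e = scalar(os.urandom(32))
    eph, shared = ec_mul(e, G), ec_mul(e, pub_i)[0].to_bytes(28, "big")
    keys = kdf(shared, b"ecies", 64)  # [encryption key | MAC key]
    ct = bytes(a ^ b for a, b in zip(location, kdf(keys[:32], b"stream", len(location))))
    mac = hmac.new(keys[32:], ct, hashlib.sha256).digest()
    return hashlib.sha256(adv).digest(), eph[0].to_bytes(28, "big") + eph[1].to_bytes(28, "big") + ct + mac

def owner_recover(tag, server, intervals):
    """Owner: replay the ratchet, recompute each interval's lookup index, decrypt whatever matched."""
    found, sk = [], tag["SK"]
    for _ in range(intervals):
        blob = server.get(hashlib.sha256(advertisement(tag_public_key(sk, tag["P"]))).digest())
        if blob:
            eph = (int.from_bytes(blob[:28], "big"), int.from_bytes(blob[28:56], "big"))
            ct, mac = blob[56:-32], blob[-32:]
            shared = ec_mul(owner_private_key(sk, tag["d"]), eph)[0].to_bytes(28, "big")
            keys = kdf(shared, b"ecies", 64)
            if hmac.compare_digest(hmac.new(keys[32:], ct, hashlib.sha256).digest(), mac):
                found.append(bytes(a ^ b for a, b in zip(ct, kdf(keys[:32], b"stream", len(ct)))))
        sk = ratchet(sk)
    return found

def simulate(intervals=4, seen_at=2, location=b"lat=37.3349,lon=-122.0090"):
    """Constructed scenario: the tag pings for `intervals` slots and one finder sees slot `seen_at`."""
    tag, server, adverts, sk = pair_tag(), {}, [], None
    sk = tag["SK"]
    for i in range(intervals):
        adv = advertisement(tag_public_key(sk, tag["P"]))
        adverts.append(adv)
        if i == seen_at:
            idx, blob = finder_report(adv, location)
            server[idx] = blob  # all the server ever stores: an opaque index and an opaque blob
        sk = ratchet(sk)
    return adverts, server, owner_recover(tag, server, intervals)
```

Running `simulate()` gives four distinct 28-byte pings, a server table holding exactly one entry keyed by a SHA-256 digest, and the owner getting the constructed location string back. Two things worth noticing: the tag never holds the private key d, only the public key P and the rotating secret, so a stolen tag yields nothing that decrypts old reports; and the finder only ever sees an x-coordinate, which is enough because the x-coordinate of the ECDH result is the same whichever of the two square roots it picks.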

So, yeah, about those potential security concerns.

Because some people are legit going to worry that AirTags will be abused by bad actors. That someone with malicious intent could just drop one into your car or gym bag and use it to track you.

But, honestly, very similar products that offer almost exactly the same base functionality, like Tile, have been on the market for years already, never mind the cell phones and full-on James Bond spy kit that we’ve seen in every cheesy TV and movie plot for even longer. But, yeah, once it gets an Apple logo on it, it’s open season in headlines.

Beyond any valid concerns Apple will need to address, and any clickbait I’ll be more than happy to address, you know, the way I do…

You’ll just see the AirTag on your house keys show up in Find My the way your iPhone or iPad or other Apple kit has for years now and, hopefully, you’ll be able to go right back out and pick them up. No frantic calls to families or locksmiths, not with all… this going on as well.

And we know all this because that’s how Find My has been working since the new network launched back in September of 2019. But thanks to some leaks, including Apple’s own in the various betas, there could also be a super easy, really convenient new way to track down your tags to the exact inch as well.

Basically, the Find My app would turn into an augmented reality viewfinder for you, and you’d be able to just hold it up and scan around for your house keys, and the U1 ultra wideband spatial positioning chip in the AirTags, the same as the one in the iPhone 11 and iPhone 12, would light up the exact location for you on the screen. Even if that location was under a car or in a bush or otherwise out of plain sight.