With OpenHaystack you can create DIY AirTags on Apple’s Find My network

Apple has promised to open its Find My app to third-party manufacturers. Ahead of that, a new tool lets anyone create their own Bluetooth tracking tag for the Find My network and track its location. OpenHaystack is a new open source tool developed by security researchers at the Secure Mobile Networking Lab, who effectively reverse-engineered the way Apple devices register themselves in the Find My mesh network.

In short, this is a way to create your own DIY AirTags today.

OpenHaystack works through a custom Mac app that can be used to track the location of the custom tags you create. Currently, the tool has direct support for making a tag using the BBC micro:bit computer, although support for other Bluetooth Low Energy (BLE) devices may be added by other developers in the future. Once a tag is registered with Apple’s Find My network, the OpenHaystack app can report its location, just as Apple’s Find My app does for iPhones and other Apple devices.

The whole system is a bit of a hack – in the sense that it’s complex, not in the sense that it’s actually hacking something. It uses a plug-in for Apple Mail (which verifies you as a true Apple user) to gain the necessary access to Apple’s Find My network to create and locate the keys, so Mail must be running for OpenHaystack to work.

There also do not appear to be any serious security implications for the Find My network (although the team has submitted other bug reports to Apple). However, this does not mean that you should just start using OpenHaystack. The project carries an important disclaimer:

OpenHaystack is experimental software. The code is untested and incomplete. For example, OpenHaystack labels used by our firmware send out a fixed public key and can therefore be followed by other devices in the vicinity (this may change in a future version). OpenHaystack is not affiliated with or endorsed by Apple Inc.

A high-level understanding of how the Find My security model works also helps to understand why OpenHaystack is possible.

Find My works using a combination of public and private keys. Every Apple user has access to the public keys for devices on the Find My network, but you need the private key to access location information. This means that not even Apple has access to your location information without your private keys. The network is possible because Apple devices detect the public keys, but only users holding the private keys can get location data.

[Figure: How OpenHaystack gets onto the Find My network. Image: OpenHaystack]

What OpenHaystack does is create one of those public / private key pairs for your own Bluetooth tag and use Apple Mail to register it in the Find My network. To Apple, it looks just like another iPhone. The Mac app accesses the public key database, associates it with the private key you created, and bam: secure location data.
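The key model described in the two paragraphs above (a tag advertises a public key, a passing device encrypts a location report to it, and only the private-key holder can read the report), as an added example that is not OpenHaystack's or Apple's code. It assumes a toy Diffie-Hellman group and a hash-based cipher in place of the real network's elliptic-curve encryption, a lookup by key hash, and constructed coordinates; all function names are hypothetical.

```python
import hashlib, hmac, json, secrets

# Toy Diffie-Hellman group (NOT secure): stands in for the elliptic-curve
# keys of the real network so the example runs on the standard library only.
P, G = 2**521 - 1, 3

def keypair():
    priv = secrets.randbelow(P - 3) + 2
    return priv, pow(G, priv, P)

def _kdf(shared, label):
    return hashlib.sha256(label + shared.to_bytes(66, "big")).digest()

def _xor_stream(key, data):
    # SHA-256 in counter mode as a simple keystream (illustration only)
    n = len(data)
    ks = b"".join(hashlib.sha256(key + i.to_bytes(4, "big")).digest()
                  for i in range(n // 32 + 1))[:n]
    return bytes(a ^ b for a, b in zip(data, ks))

def key_id(tag_pub):
    # Reports are looked up by a hash of the advertised public key
    return hashlib.sha256(tag_pub.to_bytes(66, "big")).hexdigest()

def finder_report(tag_pub, location):
    """A passing device knows only the public key the tag advertises."""
    eph_priv, eph_pub = keypair()            # fresh key for every report
    shared = pow(tag_pub, eph_priv, P)
    ct = _xor_stream(_kdf(shared, b"enc"), json.dumps(location).encode())
    mac = hmac.new(_kdf(shared, b"mac"), ct, hashlib.sha256).digest()
    return {"eph_pub": eph_pub, "ct": ct, "mac": mac}

def owner_decrypt(tag_priv, report):
    """Returns the location, or None if the key is wrong or data was altered."""
    shared = pow(report["eph_pub"], tag_priv, P)
    mac = hmac.new(_kdf(shared, b"mac"), report["ct"], hashlib.sha256).digest()
    if not hmac.compare_digest(mac, report["mac"]):
        return None
    return json.loads(_xor_stream(_kdf(shared, b"enc"), report["ct"]))

def demo():
    tag_priv, tag_pub = keypair()            # created by the owner's Mac app
    # The server stores only ciphertext, indexed by the key hash
    server = {key_id(tag_pub): finder_report(tag_pub, {"lat": 49.8775, "lon": 8.6545})}
    stored = server[key_id(tag_pub)]         # coordinates above are constructed
    other_priv, _ = keypair()                # anyone else, e.g. the operator
    return owner_decrypt(tag_priv, stored), owner_decrypt(other_priv, stored)

if __name__ == "__main__":
    print(demo())
```

Because `key_id` depends only on the public key, a tag that keeps advertising the same key produces the same identifier everywhere it goes, which is the tracking exposure the project's disclaimer describes.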

From the way it’s designed, it seems like it might be difficult for Apple to cut off OpenHaystack without also cutting off a bunch of older Apple devices. However, it’s also true that Apple as a business does not like this sort of thing and may try to find a way to block it. A developer could use the system to create a way to add Android devices to the Find My network.

The team behind OpenHaystack wrote a paper outlining its methods and a security bug that has now been fixed. It has also released the source code for its firmware, which other developers can use to customize OpenHaystack with other BLE devices.

Apple’s official support for third-party accessories is yet to come. Belkin has already announced a set of earbuds that will support Find My. Given how complicated the setup of OpenHaystack is, it probably won’t get mass adoption. In some ways it resembles AirMessage and Beeper, two tools that use Macs to bring iMessage to Android devices. Apple’s ecosystem is locked down in several ways, but the Mac is finding a way.
