Finding a misplaced key is sometimes like the proverbial search for the needle in a haystack. Tracking systems such as Apple's “Find My” make it easier: They can be used to track lost Apple devices or items equipped with Bluetooth-based airtags. The open source framework “OpenHaystack”, developed at the TU Darmstadt, now enables hobbyists to create their own Bluetooth tag or to use the framework in any Bluetooth-enabled device. This way, devices from other manufacturers can also be found via the “Find My” network. “OpenHaystack” was developed by a research team at the Secure Mobile Networking Lab led by computer science professor Matthias Hollick.
Create a Bluetooth tag for personal use
The framework is based on Apple's “Find My” network, which Hollick and his team have been exploring for an extended period of time. The entire Apple ecosystem serves as a globally distributed search network to locate lost items and transmit the location to the owner in encrypted form. To do this, a device or Bluetooth tag periodically sends signals that are received by Apple devices belonging to other nearby people. This way, the localization works even if the searched item itself has no connection to the Internet. Apple itself enables the use of the “Find My” network to track its own devices and those of certified manufacturers.
In a demonstration of the OpenHaystack framework, the TU researchers have now shown how this technology can be opened up to any other Bluetooth devices and how users can build their own Bluetooth tag for personal use. The users benefit from the security architecture of “Find My”.
OpenHaystack consists of two components. First, the developers provide a macOS application that can display the last reported location of personal Bluetooth devices. Second, the firmware image allows Bluetooth devices to send signals that make them discoverable by iPhones. Currently, the developers offer a simplified installation of the OpenHaystack firmware for a small number of embedded devices.
Best Demo Award for "OpenHaystack
The researchers explain how to use the framework “OpenHaystack” as a hobbyist in the paper “DEMO: OpenHaystack: A Framework for Tracking Personal Bluetooth Devices via Apple's Massive Find My Network”. At this year's ACM Conference on Security and Privacy in Wireless and Mobile Networks (WiSec'21), Professor Matthias Hollick and his collaborators Alexander Heinrich and Dr. Milan Stute were awarded the Best Demo Award for the work.
The project has already been well received: on GitHub, an Internet platform where software and development projects are presented and experts exchange ideas, the application has been rated with more than 3,000 stars to date – a value that is outstanding for a research prototype.
Anti-tracking app AirGuard aims to prevent misuse
To prevent misuse of the tracking technology, the anti-tracking app “AirGuard” was developed as part of a bachelor thesis supervised at Professor Hollick's research group. It regularly scans the environment and notifies users within an hour if a Bluetooth tag is following them. When the app finds a tag, it can play a sound on it to indicate the tag's whereabouts. Users can then see the locations where the device has tracked them. The goal is to prevent unwanted tracking by others. The app is already available via GitHub and will also be offered via the PlayStore in the future.
The research team's work is being carried out at the intersection of the LOEWE center emergenCITY, which is funded by the state of Hesse, and the National Research Center for Applied Cybersecurity ATHENE. The research center emergenCITY, led by Professor Hollick, is investigating how to improve the resilience of digital cities, where such location-based information is playing an increasingly important role. ATHENE focuses on the security aspects of our digital society.