News

Tracking down lost keys or stolen bicycles made easy

04/08/2021

ATHENE researchers deliver award-winning open source framework for tracking Bluetooth personal devices

While it was previously possible to track down Apple devices that were thought to have disappeared thanks to the "Find My" tracking app, it is now possible to better locate all kinds of Bluetooth devices - or important objects equipped with them, such as keys, bicycles or suitcases. A research team led by ATHENE researcher and emergenCITY coordinator Prof. Matthias Hollick at TU Darmstadt has developed and published an open-source framework for locating personal Bluetooth devices based on Apple's "Find My Network".

In their demo OpenHaystack, the researchers show how laymen can use this framework in a Bluetooth-enabled device or build their own finder - a so-called Bluetooth-Tag. This finder is then attached to the corresponding device - for example, a keychain or even a bicycle. It periodically sends signals, known as beacons, which are heard by nearby devices and send the location of the supposedly lost device back to the person who owns it.

Thanks to the use of Bluetooth technology, tracking works even when there is no direct connection to the Internet, because the devices of other users help out. Lost items can thus be found again quickly.

The system is based on the so-called Apple "Find My" network, which Hollick and his team have been researching for some time now (see news). Here, the entire Apple ecosystem serves as a globally distributed search device to locate lost items and transmit the location in encrypted form to the person in possession. Apple allows access for its own devices and for devices of certified manufacturers. The OpenHaystack framework developed by the TU researchers now demonstrates how this technology can be opened up to any other Bluetooth devices, benefiting from the "Find My" security architecture.
The demo is presented in the paper DEMO: OpenHaystack: A Framework for Tracking Personal Bluetooth Devices via Apple's Massive Find My Network.

Award for Demo OpenHaystack
For their demo OpenHaystack, the team was awarded the Best Demo Award at this year's ACM Conference on Security and Privacy in Wireless and Mobile Networks.

While the researchers elaborated the concept in writing in their demo paper, the project has already been well received in practice: The cybersecurity researchers have made their application available on GitHub, a network-based service where experts present software and development projects and exchange information with each other. To date, it has been rated with more than 3000 stars - a value that is outstanding for a research prototype: https://github.com/seemoo-lab/openhaystack.

Related research papers
In their paper, "Who can Find My devices?" the research team provided the first public security and privacy analysis of Apple's offline finding system, "Find My," several months ago. They presented the security vulnerabilities described in the paper at the flagship international privacy technologies conference PETS - Privacy Enhancing Technologies Symposium.

The research team's work takes place at the intersection of the LOEWE emergenCITY and ATHENE research centers. emergenCITY investigates how to increase the resilience of digital cities - where such location-based information plays an increasingly important role. ATHENE focuses on the security aspects of our digital society.

show all news