ATHENE and emergenCITY researchers provide award-winning open-source framework for locating personal Bluetooth devices

While it was previously possible to track missing Apple devices thanks to the “Where is?” tracking app, it is now possible to locate all kinds of Bluetooth devices – or important items equipped with them, such as keys, bicycles, suitcases. A research team led by ATHENE scientist and emergenCITY coordinator Prof. Matthias Hollick at TU Darmstadt has developed and published an open-source framework for locating personal Bluetooth devices based on Apple’s “Find My Network”.

In their demo OpenHaystack, the researchers show how people can use this framework in a Bluetooth-enabled device or build their own finder – a so-called Bluetooth tag. This finder is then attached to the corresponding device - for example, to a keychain or even a bicycle. It periodically sends signals, known as beacons, which are received by nearby devices and send the location of the supposedly lost device back to the owner. Thanks to the use of Bluetooth technology, tracking works even when there is no direct connection to the Internet, because the devices of other users help out. Lost items can thus be found again quickly.

The system is based on Apple’s “Find My” network, which Hollick and his team have been researching for some time. Here, the entire Apple ecosystem serves as a globally distributed search device to locate lost items and transmit the location to the owner in encrypted form. Apple allows access for its own devices and for devices of certified manufacturers for this purpose. The OpenHaystack framework developed by the TU researchers now demonstrates how this technology can be opened up for any other Bluetooth devices, benefiting from the “Find My” security architecture. The demo is presented in the paper DEMO: OpenHaystack: A Framework for Tracking Personal Bluetooth Devices via Apple’s Massive Find My Network.

Award for demo OpenHaystack

For their demo OpenHaystack, the team was awarded the Best Demo Award at this year’s ACM Conference on Security and Privacy in Wireless and Mobile Networks. While the researchers elaborated on the concept in writing their demo paper, the project has already been well received in practice: The cybersecurity researchers made their application available on GitHub, a network-based service where experts present software and development projects and exchange ideas with each other. To date, it has been rated with more than 3000 stars – a value that is outstanding for a [research prototype](https://github.com/seemoo-lab/openhaystack).

In their paper Who can Find My devices?, the research team provided the first public security and privacy analysis of Apple’s offline finding system “Find My” several months ago. They presented the security vulnerabilities described in the paper at the flagship international privacy technologies conference PETS - Privacy Enhancing Technologies Symposium.

The work of the research team is a collaboration of the research centers LOEWE emergenCITY and ATHENE. emergenCITY is investigating how to increase the resilience of digital cities - where such location-based information plays an increasingly important role. ATHENE focuses on the security aspects of our digital society.