Risky Bulletin Newsletter
March 05, 2025
Risky Bulletin: nRootTag turns any Bluetooth device into an AirTag
Presented by

News Editor
A team of academics has found a way to remotely turn any Bluetooth-capable device into an AirTag tracker.
The technique is named nRootTag and abuses how Apple's FindMy network indexes AirTags and searches for tracked or lost devices.
In normal circumstances, when a user pairs an AirTag to their account, Apple takes the AirTag's Bluetooth signal and generates a cryptographic private-public key pair. When the user wants to find the AirTag's location, the FindMy network queries for the public key associated with that Bluetooth signal and then notifies the owner of its location.