This work demonstrates that Apple’s Find My network, which underpins AirTag location tracking, is vulnerable to practical relay-based attacks due to its inability to cryptographically verify the authenticity of location reports. By reverse-engineering the Find My protocol, relaying BLE signals, and emulating iOS devices, the authors construct a real-world system capable of intercepting and retransmitting AirTag broadcasts to inject falsified location data into the network. This enables remote manipulation of an AirTag’s reported position, effectively misleading users and impeding item recovery. The attack highlights a fundamental tension in the system’s design: while strong privacy protections prevent unauthorized tracking, they simultaneously undermine the integrity and trustworthiness of location information, leaving the network exposed to spoofing and targeted denial-of-service threats.

Apple AirTags use Apple's Find My network: when nearby iDevices detect a lost tag, they anonymously forward an encrypted location report to Apple, which the tag's owner can then fetch to locate the item. That encryption protects privacy -- neither the finder nor Apple learns the owner's identity -- but it also prevents Apple from validating the correctness of received reports. We show that this design weakness can be exploited: using a relay attack, we can inject manipulated location reports so the Find My service reports a false position for a lost AirTag. The same technique can be used to deny recovery of a targeted tag (a focused DoS), since the owner is misled about its whereabouts.