Researchers Put Public-Key Crypto and a Clever Stalker Detection Algorithm to Work on AirTag Privacy

Researchers from Johns Hopkins University and the University of California San Diego have come up with a way to keep the benefits of location tracking tags like Apple's AirTags while reducing their suitability for abuse — through the addition of privacy-preserving stalker-detection algorithms.

"Location tracking accessories (or 'tracking tags') such as those sold by Apple, Samsung, and Tile allow owners to track the location of their property and devices via offline tracking networks," the researchers explain. "The tracking protocols have been designed to ensure some level of user privacy against surveillance by the vendor.

"Such privacy mechanisms, however, seem to be at odds with the phenomenon of tracker-based stalking, where attackers use these very tags to monitor a target's movements. Numerous such criminal incidents have been reported, and in response, manufacturers have chosen to weaken privacy guarantees in order to allow users to detect malicious stalker tags."

That AirTags and equivalents can be abused in order to track those who do not wish to be tracked is not news: the issue has been well-documented, both using original hardware and homebrew variants using platforms like OpenHaystack. To address the issue, vendors frequently include a way to detect the tags — but while this can alert someone who has been tagged without their consent, it can also warn thieves and other ne'er-do-wells of the presence of legitimate tags.

The researchers' approach, the team claims, strikes a better balance between stopping stalkers in their tracks and preserving the privacy of legitimate users — using existing hardware and within the constraints of existing tracking protocols. The trick: introducing a public-key cryptography secret sharing system which makes it difficult to differentiate a single tracker's broadcasts from those of multiple unrelated trackers without harming the ability to find lost trackers, coupled with an algorithm which can detect trackers deployed by potential stalkers.

In testing, the stalker-detection algorithm could trigger a warning of unauthorized tracking devices in around an hour — while adding as little delay as possible to genuine use of the tracking tags. Similarly, the secret-sharing system would protect against the detection of an authorized tracker for around 40 minutes of close proximity. The researchers, however, admit that their approach offers "only limited security against a sophisticated attacker" using counterfeit tags.

A preprint of the team's work is available on the IACR Cryptology ePrint Archive.