Comment Apple veut nous permettre de retrouver un appareil même déconnecté du réseau, Réactions à la publication du 06/06/2019

[Lionel]

iOS 13 et macOS 10.15 vont pousser plus loin la possibilité de retrouver un appareil perdu ou dérobé.
Actuellement, ce n'est possible que si ce dernier est connecté au réseau, cellulaire ou Wi-Fi.
Les prochains systèmes vont transformer tout appareil compatible en un émetteur-récepteur capable de détecter les autres appareils (compatibles) via le Bluetooth.
Si un appareil a été déclaré perdu ou volé, il pourra donc être localisé via un autre appareil sous iOS 13 ou macOS 10.15 et cette position vous sera envoyée.

Apple promet que toutes les données seront chiffrées et anonymisées. La confidentialité sera garantie.
C'est plus que souhaitable car sinon, on sera en permanence suivi à quelques mètres près dans tous nos déplacements.

Lien vers le billet original

[RaelRael]

apres faut se calmer.
L'iphone il envoie juste un message pour donner sa position, rien d'autre?

[Hebus]

apres faut se calmer.
L'iphone il envoie juste un message pour donner sa position, rien d'autre?

Non, c'est l'appareil qui reçoit le signal qui indique sa position.

A savoir la clef public pour encoder les informations est une clef générée par votre autre device qui marche de concert pour cette localisation, le device possède donc la clef privée qui n'est transmise à personne donc :

Here's how the new system works, as Apple describes it, step by step:

When you first set up Find My on your Apple devices—and Apple confirmed you do need at least two devices for this feature to work—it generates an unguessable private key that's shared on all those devices via end-to-end encrypted communication, so that only those machines possess the key.

Each device also generates a public key. As in other public key encryption setups, this public key can be used to encrypt data such that no one can decrypt it without the corresponding private key, in this case the one stored on all your Apple devices. This is the "beacon" that your devices will broadcast out via Bluetooth to nearby devices.

That public key frequently changes, "rotating" periodically to a new number. Thanks to some mathematical magic, that new number doesn't correlate with previous versions of the public key, but it still retains its ability to encrypt data such that only your devices can decrypt it. Apple refused to say just how often the key rotates. But every time it does, the change makes it that much harder for anyone to use your Bluetooth beacons to track your movements.

Say someone steals your MacBook. Even if the thief carries it around closed and disconnected from the internet, your laptop will emit its rotating public key via Bluetooth. A nearby stranger's iPhone, with no interaction from its owner, will pick up the signal, check its own location, and encrypt that location data using the public key it picked up from the laptop. The public key doesn't contain any identifying information, and since it frequently rotates, the stranger's iPhone can't link the laptop to its prior locations either.

The stranger's iPhone then uploads two things to Apple's server: The encrypted location, and a hash of the laptop's public key, which will serve as an identifier. Since Apple doesn't have the private key, it can't decrypt the location.

When you want to find your stolen laptop, you turn to your second Apple device—let's say an iPad—which contains both the same private key as the laptop and has generated the same series of rotating public keys. When you tap a button to find your laptop, the iPad uploads the same hash of the public key to Apple as an identifier, so that Apple can search through its millions upon millions of stored encrypted locations, and find the matching hash. One complicating factor is that iPad's hash of the public key won't be the same as the one from your stolen laptop, since the public key has likely rotated many times since the stranger's iPhone picked it up. Apple didn't quite explain how this works. But Johns Hopkins' Green points out that the iPad could upload a series of hashes of all its previous public keys, so that Apple could sort through them to pull out the previous location where the laptop was spotted.

Apple returns the encrypted location of the laptop to your iPad, which can use its private key to decrypt it and tell you the laptop's last known location. Meanwhile, Apple has never seen the decrypted location, and since hashing functions are designed to be irreversible, it can't even use the hashed public keys to collect any information about where the device has been.1

Ce message a été modifié par Hebus - 7 Jun 2019, 09:28.