I guess they can just rate-limit the program that runs in the iPhone, but that still (to me, very naively) would allow a DoS that prevented genuine tags from access.
As mentioned in the OP, to know if the tag is genuine a device needs to go to the trouble of receiving the traffic in case it's real, then decrypting (search "ECIES encryption" in OP): so you'd be wasting quite a bit of processing before you reject a fake tag. If they rate-limit the decryption - which you'd have to - then you can overwhelm a device on the network by sending out fake packets.
It strikes me you can generate random BLE data that looks like AirTag data cheaper than you can verify packets, and so in theory one iPhone could overwhelm a minimum of one other; and presumably could overwhelm all others in range (with lower or equal processing power).
They do mention their (the OP's) public keys being rejected.
So, if my analysis is right you can either use all processing on all devices in range, or overwhelm all devices in range if they're rate-limited. The second case is preferable.
I'm interested in why I'm wrong. Can the imaginary fake tags in my analysis be rejected using less power than it takes to make them?
Or, in summary: “Using radio frequencies to intentionally disrupt or damage the functioning of devices you do not own”. Make sure the FCC doesn’t catch you!
I'm not in the USA, but I've always read FCC as an administrative arm of government; do they do active monitoring and enforcement? Like if you fire up a rogue transmitter, the FCC send officers to apprehend you?
They have an enforcement division. I’ve always heard if you start a pirate radio station with a bit too much signal, it’s only a matter of time before two agents come tell you to knock it off.