At first I thought this only affected tracking of Apple devices, but it's not apple devices that it affects - it uses the Find My relay network to track other devices.
Named "nRootTag" by the team, the attack uses a device’s Bluetooth address combined with Apple's Find My network to essentially turn target devices into unwitting homing beacons.
The team of Qiang Zeng and Lannan Luo—both associate professors in the Department of Computer Science—and PhD students Chen and Xiaoyue Ma found the attack works by tricking Apple's Find My network into thinking the target device is a lost AirTag. AirTag sends Bluetooth messages to nearby Apple devices, which then anonymously relay its location via Apple Cloud to the owner for tracking. Their attack method can turn a device—whether it's a desktop, smartphone, or IoT device—into an "AirTag" without Apple's permission, at which point the network begins tracking.
The technique doesn't require sophisticated administrator privilege escalation typically needed for such deep system access. Instead, it cleverly manipulates the Find My Network's trust in device signals, essentially turning Apple's helpful lost-device feature into an unwitting accomplice.