The Apple AirTag has been available for just over a week. Since then, we have seen a user rebuilding an AirTag as a thinner card that fits into wallets and also learned that it’s “frighteningly easy” to stalk using the item tracker. Now, a security researcher was able to hack the accessory, modifying its NFC URL for Lost Mode.

The German security researcher Stack Smashing tweeted today (via The 8-bit) that he was able to “break into the microcontroller of the AirTag” and modified elements of the item tracker software.

A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, “these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components.”

With that, we can say that the AirTag was jailbroken, and a hacker could decide what it wants the device to do. For example, the security researcher was able to modify its NFC URL. In the video, he compares a regular AirTag with a modified one.

While the regular item tracker opens the Find My website, the modified item tracker opens a non-related URL, which could be used for phishing or anything else.

As for now, we have to wait and see if Apple will be able to implement a server-side blocking mechanism to prevent a modified AirTag from accessing the Find My Network. Check the video below of the modified item tracker and how it was hacked:

FTC: We use income earning auto affiliate links. More.


Check out 9to5Mac on YouTube for more Apple news:

You’re reading 9to5Mac — experts who break news about Apple and its surrounding ecosystem, day after day. Be sure to check out our homepage for all the latest news, and follow 9to5Mac on Twitter, Facebook, and LinkedIn to stay in the loop. Don’t know where to start? Check out our exclusive stories, reviews, how-tos, and subscribe to our YouTube channel

About the Author