The Apple AirTag has been available for just over a week. Since then, we have seen a user rebuilding an AirTag as a thinner card that fits into wallets and also learned that it’s “frighteningly easy” to stalk using the item tracker. Now, a security researcher was able to hack the accessory, modifying its NFC URL for Lost Mode.
The German security researcher Stack Smashing tweeted today (via The 8-bit) that he was able to “break into the microcontroller of the AirTag” and modified elements of the item tracker software.
A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, “these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components.”
With that, we can say that the AirTag was jailbroken, and a hacker could decide what it wants the device to do. For example, the security researcher was able to modify its NFC URL. In the video, he compares a regular AirTag with a modified one.
While the regular item tracker opens the Find My website, the modified item tracker opens a non-related URL, which could be used for phishing or anything else.
As for now, we have to wait and see if Apple will be able to implement a server-side blocking mechanism to prevent a modified AirTag from accessing the Find My Network. Check the video below of the modified item tracker and how it was hacked:
Related
- Concept: Enhancing AirTag with family sharing, widgets, and an Apple Watch app
- AirTags withdrawn from sale by Australian chain over child safety concerns
- Using AirTags for checked baggage likely to work well, with one exception
- Best item tracker keychains, cases, straps, and more
- Items tab still unavailable on the web version of Find My
FTC: We use income earning auto affiliate links. More.
Comments