A security researcher has found that Apple’s AirTag can be hacked and its software reprogrammed to modify specific functions of the device.
AirTags help keep track of and find items via Apple’s Find My app. Whether attached to a handbag, keys, backpack, or other items, AirTag taps into the vast, global Find My network and can help locate a lost item, all while keeping location data private and anonymous with end-to-end encryption.
German security researcher and YouTube content creator that goes by the name Stack Smashing tweeted [Sunday] that they were successful in “breaking into the microcontroller of the AirTag.” They were then able to re-flash the microcontroller that enabled them to modify elements of AirTag’s software.
In this case, the security researcher Stack Smashing quickly demonstrated one of the things they could do with their “Modified AirTag.” They tweaked the URL that appears within a notification when an AirTag enabled in Lost Mode is tapped on by an NFC-enabled device (which includes smartphones other than iPhones) to promote their own website. Usually, the AirTag will redirect to a “found.apple.com” website for displaying Lost Mode information related to the owner.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳
/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
— stacksmashing (@ghidraninja) May 8, 2021
And confirmed that we can re-flash the microcontroller! Woohoo.
— stacksmashing (@ghidraninja) May 8, 2021
MacDailyNews Take: Everything can be hacked. Since Apple’s secure Find My network is required for AirTag’ s Lost Mode functionality, Apple could employ a server-side defense against modified AirTag units.
So they created a Frankenstein version of one AirTag that will look and act in some demented mode… So what?
So you create nothing and instead post your indifference to a very interesting POC online. So what?