Security researchers investigating Apple’s Find My network used by AirTag, have been able to utilize the system to send messages that Apple apparently cannot monitor or prevent.
It’s not something that can be easily replicated, nor is it something that could mean AirTags users face any issues of malware. However, it is reportedly possible for the Find My network to be subverted to send encoded messages between devices, albeit very short messages.
According to Berlin-based IT security consultancy Positive Security, “it’s possible to upload arbitrary data from non-internet-connected devices” by sending Find My-style broadcasts. These are then picked up by Apple devices, in just the way that a lost AirTag uses passing iPhones to report it location…
One more generally-useful finding is that, according to Positive Security, there doesn’t appear to be a technical reason why users can only have a limited number of AirTags. “In this light, the stated restriction of 16 AirTags per Apple ID seems interesting, as to me it does not seem that Apple can currently enforce this,” says Braunlein.
MacDailyNews Note: “While I was mostly just curious about whether it would be possible,” consultant Fabian Braunlein writes, “I would imagine the most common use case to be uploading sensor readings or any data from IoT devices without a broadband modem, SIM card, data plan or Wi-Fi connectivity.”