Apple's AirTag can be hacked and its software modified, a security researcher has discovered, with an exploration of the microcontroller revealing elements can be reprogrammed to change what specific functions do.
Apple is well known for having high levels of security built into its products, and that has naturally led to the new AirTags becoming a target for security researchers. Just over a week after shipping, it seems that some AirTag elements can be modified.
German security researcher "stacksmashing" revealed on Twitter that they were able to "break into the microcontroller" of the AirTag. Posted on Saturday and first reported by The 8-Bit, the tweet thread includes some details about the researcher's exploration of the device.
Built a quick demo: AirTag with modified NFC URL
— stacksmashing (@ghidraninja) May 8, 2021
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
After a few hours and the destruction of multiple tags in the process, the researcher made firmware dumps and eventually discovered the microcontroller could be reflashed. In short, the researcher proved it was possible to alter the programming of the microcontroller, to change how it functions.
An initial demonstration showed an AirTag with a modified NFC URL that, when scanned with an iPhone, displays a custom URL instead of the usual "found.apple.com" link.
While only in its early stages, the research shows that it takes a lot of know-how and effort to hack AirTag in the first place. During a demonstration video, the modified AirTag is shown attached to cables, which are claimed to provide just power to the device.
It is plausible that similar techniques could be used for malicious purposes, though it is unclear exactly how far it can be pushed at this time.
Given that AirTag relies on the secure Find My network for its Lost Mode to function, it seems likely that Apple would roll out some form of server-side defense against any malicious modified versions.
Since its launch, a hidden debug mode has been found in AirTag, providing developers with considerably more information than users would normally need about the device's hardware.
So what. Someone who knows what they're doing can do the same thing to every computer ever made. The trick is to make these changes without being obvious. All those jumper wires are obvious. I'd like to see him put it back into the enclosure and try and pass it off as an unmodified AirTag. I'm still waiting for mine and this guy wastes "multiple" AirTags.
Yes, if that hack could be executed with the TV/movie method of holding a phone close by and installing/altering code, then we'd have FUD worth considering.
So once this hack is done, and the AirTag reassembled, to the degree of appearing unaltered, then what. It's swapped out for some victim's unmolested AirTag?
Until it's leaked that the NSA is or the Chinese are selling modified/counterfeit AirTags, I suggest we not worry. Remote possibility doesn't equal even mild probability. I haven't ordered any yet, but will soon.
One question I have about locating your AirTag out in the wild... You leave a Tagged item in a cab or ride share, its location should be picked up by nearby iPhones and sent back to you, yeah?
Does this require any prep of iPhones in the 'crowd', or is it just that an iPhone is nearby? That is, I don't have to toggle something in my iPhone that will alert the owner of a missing tag.
response to @macgui
From Apple:
Your AirTag sends out a secure Bluetooth signal that can be detected by nearby devices in the Find My network. These devices send the location of your AirTag to iCloud — then you can go to the Find My app and see it on a map. The whole process is anonymous and encrypted to protect your privacy. And it's efficient, so there's no need to worry about battery life or data usage.
lots more:
https://www.apple.com/airtag/
I don't believe you have to turn anything on. The capability is built into iOS and works securely behind the scenes. I'm not sure there's a way to turn this feature off unless you turn your iOS device off. Your iPhone is constantly monitoring where you are, finding either a WiFi or cellular signal. Even if you turn yours off, lots of other people will have theirs turned on, so triangulation of signal can be performed.