Apple's AirTag can be hacked and its software modified, a security researcher has discovered, with an exploration of the microcontroller revealing that elements can be reprogrammed to change what specific functions do.
AirTag (left), and the modified internals (right, via stacksmashing/Twitter)
Apple is well known for having high levels of security built into its products, and that has naturally led to the new AirTags becoming a target for security researchers. Just over a week after shipping, it seems that some AirTag elements can be modified.
German security researcher "stacksmashing" revealed on Twitter that they were able to "break into the microcontroller" of the AirTag. Posted on Saturday and first reported by The 8-Bit, the tweet thread includes some details about the researcher's exploration of the device.
Built a quick demo: AirTag with modified NFC URL (Cables only used for power) pic.twitter.com/DrMIK49Tu0
-- stacksmashing (@ghidraninja) May 8, 2021
After a few hours and the destruction of multiple tags in the process, the researcher made firmware dumps and eventually discovered the microcontroller could be reflashed. In short, the researcher proved it was possible to alter the programming of the microcontroller, to change how it functions.
An initial demonstration showed an AirTag with a modified NFC URL that, when scanned with an iPhone, displays a custom URL instead of the usual "found.apple.com" link.
While only in its early stages, the research shows that it takes a lot of know-how and effort to hack AirTag in the first place. In a demonstration video, the modified AirTag is shown attached to cables, which are claimed to provide just power to the device.
It is plausible that similar techniques could be used for malicious purposes, though it is unclear exactly how far such modifications can be pushed at this time.
Given that AirTag relies on the secure Find My network for its Lost Mode to function, it seems likely that Apple would roll out some form of server-side defense against any maliciously modified versions.
Since its launch, a hidden debug mode has been found in AirTag, providing developers with considerably more information than users would normally need about the device's hardware.