A security researcher discovered that Apple’s AirTag can be hacked and modified. According to Gadgets 360, German security researcher Thomas Roth going by the name Stack Smashing on Twitter reportedly gained access to the AirTag’s microcontroller item tracker and had the capacity to change how it works.
AirTag is Apple’s latest device to come to the Apple universe. It is a device made to track down lost or stolen items. Small, sleek, and shaped like a puck, this tracker of sorts leverages Apple’s existing network of devices to find misplaced or stolen items via the Find My App.
AirTag works by using Bluetooth signals to gain access to Apple’s network of devices, such as Macs, iPhones, and others, to send signals and to find the item in question. This can track items such as keys, bags, and more.
According to a tweet by Stack Smashing (@ghidraninja) dated Sunday, May 9, 2021, the security researcher said that “And confirmed that we can re-flash the microcontroller! Woohoo.”
In another tweet, the German security researcher said, “Built a quick demo: AirTag with modified NFC URL. (Cables only used for power).” The tweet came with a short video clip showing how Thomas Roth was able to control the said AirTag in question in comparison to an untouched version.
In 9 to 5 Mac’s findings, the news site reveals that the modified microcontroller opened up to a non-related URL. The news site also said that this could pose risks for users, such as being used for phishing attacks and other similar scams.
When scanned with an iPhone, the URL directed the users to another custom URL rather than the found.apple.com link that usually pops up. Gadgets 360 states that it is worthy to note that although Roth has found some loopholes within the device, it took the security researcher a number of tries in order to do so, with some AirTags being bricked in the process.
Gadgets 360 also maintained that users of the device could be prone to attacks and malicious websites, instead of displaying the necessary information that the user needs.
Given the ability to jailbreak the device, Roth suggested that Apple further update its firmware to ensure the safety and protection of users, and by extension, the security of personal data. This jailbreaking incident comes as Apple claimed that the device had the essential security features that the company was known for, notes Gadgets 360.
