Apple has been making a lot of noise about its commitment to privacy, hoping to draw a distinction between itself and Google, which thrives on your data. The new Apple AirTag isn't the first smart tracker, but it's so good at what it does that it could actually be a privacy nightmare. This is an even greater concern now that a security researcher has shown that it is possible to "jailbreak" an AirTag and change the way the firmware works.
The AirTag is a low-powered object tracker similar to Tile or Chipolo. The idea is that you attach an AirTag to something important and can then find its approximate location from your phone. The AirTag can also use other iDevices as Bluetooth beacons, allowing you to track your tag even when it's not nearby.
A German security researcher who goes by stacksmashing has shown that the nRF52 microcontroller inside the AirTag is programmable. It's not easy to do, and stacksmashing put two of the $100 trackers through their paces before succeeding. But you can download the firmware from the AirTag and upload a modified version.
Stacksmashing demonstrated the hack by modifying the URL presented by a tag in Lost Mode. Normally, a Lost Mode AirTag should present a link to an Apple tracker page via NFC, so anyone who finds your lost tag can follow that link and contact you. However, tapping an iPhone to stacksmashing's edited tag sends the user to a different URL. Hence, it may be possible to use compromised AirTags to trick people into visiting malicious domains. The notification shows the URL, but people will tend to trust AirTags. It could be a modern take on leaving booby-trapped flash drives lying around.
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021
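Because the NFC link is now data the tag's firmware can change, a finder-side tool should validate it rather than trust it. The following is an added example, not code from stacksmashing or Apple: it decodes a single short NDEF URI record and accepts the link only if it is https with an exact hostname match. The expected host `found.apple.com`, the helper names and all sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# URI identifier codes defined for NDEF URI records (subset).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}

# Assumption: the host an unmodified tag is expected to link to.
EXPECTED_HOST = "found.apple.com"


def parse_uri_record(record: bytes) -> str:
    """Decode one short NDEF record of well-known type 'U' into a URI."""
    if len(record) < 5:
        raise ValueError("record too short")
    header, type_len, payload_len = record[0], record[1], record[2]
    if not header & 0x10 or header & 0x08:
        raise ValueError("only short records without an ID field are handled")
    if header & 0x07 != 0x01 or type_len != 1 or record[3:4] != b"U":
        raise ValueError("not a well-known URI record")
    payload = record[4:4 + payload_len]
    if payload_len < 1 or len(payload) != payload_len:
        raise ValueError("truncated payload")
    if payload[0] not in URI_PREFIXES:
        raise ValueError("unsupported URI identifier code")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")


def is_expected_link(uri: str, host: str = EXPECTED_HOST) -> bool:
    """True only for an https URI whose exact hostname matches `host`."""
    parts = urlsplit(uri)
    # .hostname excludes userinfo and port, so "host@other" forms fail here.
    return parts.scheme == "https" and parts.hostname == host


def make_record(rest: str, code: int = 0x04) -> bytes:
    """Build a constructed single-record NDEF message for the samples below."""
    payload = bytes([code]) + rest.encode("utf-8")
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload


# Constructed sample records (not captured from a real tag).
SAMPLES = {
    "stock": make_record("found.apple.com/airtag?x=constructed"),
    "modified": make_record("example.invalid/landing"),
    "lookalike": make_record("found.apple.com.example.invalid/airtag"),
    "userinfo": make_record("found.apple.com@example.invalid/airtag"),
}


def check_samples() -> dict:
    """Map each sample name to whether its link passes the host check."""
    return {n: is_expected_link(parse_uri_record(r)) for n, r in SAMPLES.items()}
```

Substring or prefix matching on the URL would pass the last two samples; comparing the parsed hostname exactly is what rejects them.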
Even without hacking, AirTags have some privacy advocates worried that Apple may have come up with the ideal tool for stalkers. Lost Mode AirTags should produce a notification on iPhones when they have been in close proximity for a few hours, but Android users don't get such a notification. The tag should also start beeping after several days to further reduce the likelihood of someone using it to follow a person instead of a thing. However, being able to change the firmware could mean that you can disable both of these security features. At that point, you would have the perfect tool to spy on someone.
Apple has control over how AirTags interact with its network, so there may be a way to disable modified tags server-side. The company has yet to respond to the latest developments.