Apple’s AirTag has already been hacked
Apple’s AirTag was announced and released not that long ago, but it appears that the gadget has already been hacked less than a month after its official reveal. Now the good news is that this hack came from stacksmashing by IT security researchers on Twitter, which means it is more about exposing the possibility than doing it for malicious purposes.
During the hack, the researcher managed to reverse engineer the microcontroller in the AirTag, although apparently it wasn’t as easy as he’d imagined when he actually bricked two AirTags. However, once he accessed the microcontroller, he flared it again and made changes to how the device worked.
Yes!!! After hours of trying (and bricking up 2 AirTags) I managed to break into the AirTag’s microcontroller! 🥳🥳🥳
/ cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
– Stacksmashing (@ghidraninja) May 8, 2021
Basically he changed the url on the AirTag to a different one. If an AirTag has gone into lost mode and an NFC-enabled device such as an iPhone or Android phone is brought near the AirTag, a prompt will be displayed that will open the browser and redirect to the Apple website where it will take you to contact the owner.
However, by changing the URL, it means someone can intentionally leave “lost” AirTags lying around for users to pick up. When they try to launch the website, it may redirect malicious content instead. It’s unclear how Apple plans to respond to this problem, but it sounds like something that definitely needs to be addressed.
Saved in Apple> Gadgets. Read more about airtags, hack, privacy and security.