Apple’s AirTags have already been hacked. A cybersecurity expert has modified the device so that it can perform all kinds of actions, including phishing attacks.
It was not long ago that Apple’s AirTags appeared in some countries to compete in the field of portable locators. And there were quite a few of us who, given Apple’s security track record, were confident that the company would take this aspect of these devices into account.
However, AirTags have already been hacked, and in less than a week. A cybersecurity researcher has published on Twitter a whole thread explaining the hacking process he has carried out on these devices. A process that, moreover, has been captured on video.
Stack Smashing went so far in hacking the device that he was able to modify elements of the AirTag’s software itself, as well as change how the NFC system operates in its different modes, such as Lost Mode.
The AirTags, hacked
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021
The researcher explained on Twitter that he was able to directly attack the AirTag’s internal microcontroller. This is essentially an integrated circuit that uses a microprocessing unit to control other nearby devices. With control of that element, the hacker can do whatever he wants with the AirTag.
Or rather, he can make the AirTag do whatever he wants. Without going any further, in the video we can see the comparison between an AirTag with the modified NFC URL and a completely normal one. While the latter opens the URL of Apple’s ‘Find My Device’ network, the former can open an unrelated website.
The thread details the whole process (always omitting the steps to follow, due to the danger of hackers taking note). Surprisingly, Stack Smashing manages to access the AirTag’s firmware, gaining access to all its files and its most important areas.
Of course, the fact that the modified AirTag can open websites unrelated to Apple’s ‘Find My Device’ network opens the door to all kinds of attacks, especially those related to phishing.
Hopefully, after this issue, Apple will fix the problem, probably by setting up server-side blocking to prevent modified AirTags from opening websites unrelated to the ‘Find My Device’ network. That doesn’t change the fact, though, that the device could be compromised such a short time after launch.
This isn’t the first time we’ve seen concerns about the AirTag. Some experts have opened a debate on the use of these locators, raising the possibility that they could be used to track people and commit various crimes.