To the delight of scammers: Apple AirTag has already been hacked

This made it possible to change the URL that appears in the notification in the loss of label mode, which can be used by hackers.

To the delight of scammers Apple AirTag has already been hacked

The Apple AirTag search beacon went on sale at the end of last month, and since then, users have been doing various experiments with this gadget. However, the greatest interest is not associated with the fact that it can be embedded somewhere or discreetly planted for surveillance. It turns out that AirTag can be hacked, as demonstrated by the German security researcher stacksmashing.

 

On his Twitter, the expert wrote that he was able to reflash the beacon microcontroller, and this allowed changing the URL that appears in the notification in the tag loss mode.

Pasted 11

Thus, when scanning a hacked AirTag on a smartphone, a fake link is displayed, which does not lead to the Apple service page for finding lost devices Find My, but to another site. This opportunity can be used by phishing attackers.

Pasted 12

 

It is worth noting that it is still possible to hack AirTag only with the help of changes in the microcontroller program, for which it is necessary to have physical access to the beacon. The search system itself does not contain any vulnerabilities. Perhaps Apple will pay attention to this and implement some kind of protective mechanism to prevent the modified AirTag from accessing the Find My network.

All TechWeek writers are indepentent and from many different countries. Some english misspelling and grammar mistakes may occur. Report article.

We are experiencing some technical difficulties. Some articles and reviews are missing sources.

Tech Week