Researcher manages to hack Apple AirTags Bluetooth tracker with custom NFC URL
Mentioned by the German security researcher "Stack Smashing" on Twitter, the team was able to "break into the microcontroller" of the AirTag.
As it turns out, Apple’s one of the much-anticipated and popular accessories, AirTags, can be hacked. First reported by 8-Bit, the hack is discovered by a security researcher, who made use of the microcontroller, making it do specific tasks. This also comes at a time when Apple boasts about the security of its devices in the market and its stringent policies against it.
Mentioned by the German security researcher "Stack Smashing" on Twitter, the team was able to "break into the microcontroller" of the AirTag. After several tries, the researcher was able to reflash Apple AirTags and alter the programming of the microcontroller to change its functions.
The report states that the initial demonstration showcased an AirTag with a modified NFC URL. This means when it is scanned by the iPhone, it will show a custom URL instead of the usual ‘found.apple.com’ link. It has been mentioned that such methods can be used to send malicious links to customers.
However, considering that AirTags works in tandem with secure ‘Find My’ service for the Lost Mode function, Apple might release a server side update to fix the issue and make it more secure. The researcher, however, also mentions that it takes a lot of know-how to hack AirTag in the first place. In the demo video, we also saw the modified AirTags attached to cables, which are said to power the device.
Although these might be tough to hack, at the end of the day, they are still hack-able.
This is not the first flaw that has been discovered for the AirTags. Since its launch, users have found a hidden bug mode as well that gives developers more information than users would normally need about the device's hardware.