Apple introduced the AirTag less than a month ago but already the personal item tracker has been successfully hacked to display a custom website when the device is put in Lost Mode.
Apple AirTag Has Already Been Hacked
Thomas Roth, a security researcher from Germany, has reported on Twitter that he has successfully managed to hack his own AirTags—an impressive accomplishment considering the accessory has been on sale just over a week.
The researcher has reportedly managed to break into the accessory’s microcontroller, a small computer on a single chip that typically manages and controls other components and peripherals. In doing so, Roth was able to flash the microcontroller—in other words, to rewrite Apple’s software powering the device.
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021
He also shared a video demonstrating how a modified AirTag with a custom Find My URL works compared to a non-hacked version. The modified AirTag has to be connected to cables in order to provide power to the device, Roth says. He had to gut the logic board from the device chassis because the AirTag is a very tightly packed little device.
Changing the URL for AirTag’s Lost Mode
After dumping the AirTag firmware, Roth modified it so that the device presents a custom URL in Lost Mode, one that leads to his personal website instead of the special Find My one.
When the user marks their AirTag as lost in the Find My app, they can create a custom message saying that the accessory has been lost. Such a message would typically include the owner’s phone number. If someone else finds a lost AirTag, they can use any smartphone that supports NFC to access a special webpage with the Lost Mode message.
Roth says his proof-of-concept hack serves to demonstrate that the AirTag’s software can be modified to change what specific functions like Lost Mode do. It’s unclear what else could be done and whether malicious users could leverage this hack for nefarious purposes.
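Because the link a found tag presents can be rewritten, a finder-side tool can check where the link points before opening it. The sketch below is an added example, not code from Roth or Apple. It assumes the tag exposes its link as a standard NDEF URI record and that the genuine page is served from found.apple.com; neither detail is stated in the article, and the function names and sample records are constructed for illustration.

```python
from urllib.parse import urlsplit

# URI identifier codes from the NFC Forum URI record type (subset).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}
# Assumption: host of the genuine Lost Mode page; not stated in the article.
EXPECTED_HOSTS = {"found.apple.com"}

def parse_ndef_uri(record):
    """Decode one NDEF well-known URI record into a URL string."""
    try:
        header, type_len, pos = record[0], record[1], 2
        if header & 0x10:                      # SR flag: 1-byte payload length
            payload_len, pos = record[pos], pos + 1
        else:                                  # otherwise 4 bytes, big-endian
            if len(record) < pos + 4:
                raise ValueError("truncated record")
            payload_len, pos = int.from_bytes(record[pos:pos + 4], "big"), pos + 4
        id_len = 0
        if header & 0x08:                      # IL flag: ID length present
            id_len, pos = record[pos], pos + 1
    except IndexError:
        raise ValueError("truncated record") from None
    rec_type = record[pos:pos + type_len]
    pos += type_len + id_len                   # skip the type and optional ID
    payload = record[pos:pos + payload_len]
    if (header & 0x07) != 0x01 or rec_type != b"U":
        raise ValueError("not a well-known URI record")
    if len(payload) != payload_len or not payload:
        raise ValueError("truncated payload")
    if payload[0] not in URI_PREFIXES:
        raise ValueError("unsupported URI identifier code")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")

def check_lost_mode_url(record):
    """Return (trusted, url); trusted only for https on an expected host."""
    url = parse_ndef_uri(record)
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname in EXPECTED_HOSTS, url

def make_uri_record(code, rest):
    """Build a constructed short URI record for the samples below."""
    payload = bytes([code]) + rest.encode()
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload

# Constructed samples, not captured from real tags.
STOCK = make_uri_record(0x04, "found.apple.com/example-path")
MODIFIED = make_uri_record(0x04, "example.org/")
LOOKALIKE = make_uri_record(0x04, "found.apple.com.example.org/")
USERINFO = make_uri_record(0x04, "found.apple.com@example.org/")
```

The check compares the parsed hostname exactly, so the lookalike and userinfo samples are rejected even though both contain the expected host as a substring.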
We’re purely speculating, but the jailbreak community could take advantage of this to add custom features and user customizations to the AirTag that are unsupported out of the box.
About AirTag Security
The AirTag relies on Apple’s secure Find My network, which was designed to keep location data private and anonymous with end-to-end encryption. Importantly, no location data or location history is physically stored inside the AirTag.
“Communication with the Find My network is end-to-end encrypted so that only the owner of a device has access to its location data, and no one, including Apple, knows the identity or location of any device that helped find it,” according to Apple.
Thankfully, Apple patches vulnerabilities in its products as soon as humanly possible. A future software update for the AirTag might fix this security oversight so that the microcontroller could no longer be broken into.
On top of that, Apple could theoretically disable a hacked AirTag remotely by preventing it from communicating with the Find My network in the first place.