AirTag Hack Replaces URL for Lost Mode

Return the AirTag to the owner

Launched in April at Spring Loaded event, Apple’s AirTag is getting the attention of modders and security researchers alike. We recently saw how a YouTuber turned an AirTag into a wallet tracker and now, a security researcher has put AirTag’s security to the test.

AirTag Hacked?

First reported by The 8-Bit, German security researcher and YouTuber stacksmashing took to Twitter to share how they were able to break into the microcontroller of the AirTag. After this, they managed to change the URL when AirTag is in lost mode – the feature that lets you mark your AirTag as lost.

In normal circumstances, AirTag will direct users to ‘found.apple.com’ when brought closer to an NFC-supported smartphone. However, with stacksmashing’s modified AirTag, the tracker takes users to a modified URL. Take a look at the video demo below:

stacksmashing also demonstrated a harmless rickroll with the modified AirTag:

So, does this mean you should worry as an AirTag owner? Not really, at least at the moment. While this is technically the first jailbreaked AirTag, it requires physical access to the tracker. The process is not straightforward and stacksmashing says they bricked two AirTags during this project. However, this opens up a lot of possibilities for hackers to repurpose the AirTag for phishing attacks if you scan a modified AirTag.

It won’t be surprising if Apple manages to block these AirTags out of the Find My network in the foreseeable future. The Cupertino giant may also roll out a software update soon to lock down the firmware to avoid these possibilities. Meanwhile, AirTag owners have also figured out a way to access Apple AirTag’s hidden developer mode.

#Tags
Comments 0
Leave a Reply

Loading comments...