On April 20, 2021, Apple launched its upgraded product line of iPads and iMacs in a live-streamed event from its HQ in Cupertino. However, the showstopper of the event was not the huge 24” iMac, with Apple’s proprietary M1 chipset and a 4.5K Retina display, but a small palm-sized gadget weighing just 11 g and measuring merely a quarter over an inch (1.26 in). You guessed it right! We are talking about Apple’s AirTag, the most-awaited and affordable product in the tech giant’s product catalog. This NFC- and Bluetooth-enabled gadget was designed to help its users find and secure essentials like keys, wallets, and luggage, but if the latest claims of a German security researcher are true, Apple’s AirTag can be hacked too.
How Apple’s AirTag Gets Hacked
Apple is known for adhering to strict security and privacy regulations to counter the exploitation of its products. However, a German researcher going by the alias “stacksmashing” has proven otherwise. The researcher successfully broke into the microcontroller of Apple’s AirTag, which allowed him to reprogram or modify the firmware.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳
/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
— stacksmashing (@ghidraninja) May 8, 2021
To hack the AirTag, the researcher reverse-engineered its microcontroller. This might sound easy, but it certainly was not: he reportedly bricked two AirTags in the process. Once he had broken into the microcontroller, however, he re-flashed it with changes of his own choosing.
Apple’s AirTag has a “Lost” mode. When the owner has activated it and a finder’s NFC-enabled device comes into proximity of the AirTag, the device displays a default “found.apple.com” URL. Clicking this URL redirects the finder to Apple’s website, where they can contact the owner of the tag.
The Intent Behind the Hack
To test his break-in, the researcher changed this URL on the AirTag. The change shows that, once the URL can be modified, threat actors could intentionally leave AirTags in “Lost” mode around public places for people to find. When a finder opens the website to look for the owner, they could be redirected to a malicious URL instead.
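A scanning app can guard against this by checking the URL a tag presents before opening it. The sketch below is an added example, not code from the researcher or from Apple; it assumes the tag exposes the URL as a standard short NDEF URI record, and the function names and sample records are constructed for illustration.

```python
from urllib.parse import urlsplit

# URI identifier codes from the NFC Forum URI record type (subset).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}
EXPECTED_HOST = "found.apple.com"  # Lost-mode host named in the article

def ndef_uri(record: bytes) -> str:
    """Decode one short NDEF well-known URI record into a URL string."""
    if len(record) < 5:
        raise ValueError("record too short")
    header, type_len, payload_len = record[0], record[1], record[2]
    # Require SR=1 (1-byte length), IL=0 (no ID field), TNF=1 (well-known).
    if not header & 0x10 or header & 0x08 or (header & 0x07) != 0x01:
        raise ValueError("unsupported record header")
    if type_len != 1 or record[3:4] != b"U":
        raise ValueError("not a URI record")
    payload = record[4:4 + payload_len]
    if not payload or len(payload) != payload_len or payload[0] not in URI_PREFIXES:
        raise ValueError("truncated payload or unsupported identifier code")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")

def is_expected_lost_mode_url(url: str) -> bool:
    """True only for https URLs whose authority is exactly EXPECTED_HOST."""
    parts = urlsplit(url)
    # Comparing the whole netloc also rejects userinfo ("host@other") and ports.
    return parts.scheme == "https" and parts.netloc.lower() == EXPECTED_HOST

def make_record(code: int, rest: str) -> bytes:
    """Build a constructed sample record (test data, not a captured tag)."""
    payload = bytes([code]) + rest.encode("utf-8")
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload

# Constructed inputs; paths are placeholders, other hosts are reserved names.
SAMPLES = [
    make_record(0x04, "found.apple.com/PLACEHOLDER"),    # expected host
    make_record(0x04, "found.apple.com.example.net/x"),  # look-alike host
    make_record(0x04, "found.apple.com@example.net/x"),  # userinfo trick
    make_record(0x03, "found.apple.com/PLACEHOLDER"),    # plain http
]

def classify(records):
    urls = [ndef_uri(r) for r in records]
    return [(u, is_expected_lost_mode_url(u)) for u in urls]

if __name__ == "__main__":
    for url, ok in classify(SAMPLES):
        print("OK  " if ok else "FLAG", url)
```

Only the first sample passes; a prefix or substring match on “found.apple.com” would have accepted the second and third.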
Apple’s fans might feel uneasy about the product being compromised this soon after its launch. However, the researcher’s intent in pinpointing the problem could help Apple resolve and patch the loophole as early as possible.
Watch the demo video of the Apple AirTag hack below:
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021