AirTags is a Bluetooth-based item that was introduced last month after a lot of rumours about the device. AirTag is an easy and convenient way to keep the tracking of your precious stuff, you can attach one to your keys and put the other one to your precious stuff, and your stuff will be on your radar through the Find My app. However, within a few weeks after the launch of AirTag, the security researchers found some flaws in the device which can allow the hackers to modify the firmware. One researcher claimed on Twitter that he could alter a default NFC link on the AirTag by reflashing its microcontroller. The security researcher explained the flaws by hijacking the AirTags that he succeeded by using reverse engineering.
According to the latest reports, this appears to be the first successful attempt to pass through the security of AirTags. The security researcher was from Germany named Thomas Roth, and he claimed on Twitter by the name Stacksmashing and posted that he hijacked the AirTags by breaking the microcontroller. He further claimed through a tweet that after successfully getting the access to the microcontroller, he reprogrammed the device and altered its firmware. This successful attempt can put many people into suspicion who have recently purchased these AirTags because people are using this device for the security of their valuable stuff like wallet, credit, or debit cards, etc.
The modifications that security researcher Thomas made, that enabled him to adjust the functions of the AirTags and put a custom NFC link when the device is in lost mode, he also posted the video on Twitter to demonstrate his attempt and how he can present a custom link in place of default notification which is linked to “found.app.com” website. The hackers can easily control this flaw to target those who found a lost AirTags to wicked websites, instead of showing the information to the genuine user. However, researcher also said that he could not pass through in minutes rather it took him hours to make the changes and that he even bricked some AirTags before the successful attempt.
Apple Company is known for its strong privacy policies and it announced that security is the major feature in its AirTags at the time of rolling out last month, however, the tweet of Thomas also suggested the Cupertino company bring an update to block firmware-level alteration. Apple has not commented on this attempt, but it is hoped that soon Apple will fix these loopholes.
Read next: According to the data of Flurry, only 15% of users from all over the world and 6% from the US enabled app tracking since its launch
According to the latest reports, this appears to be the first successful attempt to pass through the security of AirTags. The security researcher was from Germany named Thomas Roth, and he claimed on Twitter by the name Stacksmashing and posted that he hijacked the AirTags by breaking the microcontroller. He further claimed through a tweet that after successfully getting the access to the microcontroller, he reprogrammed the device and altered its firmware. This successful attempt can put many people into suspicion who have recently purchased these AirTags because people are using this device for the security of their valuable stuff like wallet, credit, or debit cards, etc.
Built a quick demo: AirTag with modified NFC URL 😎
— stacksmashing (@ghidraninja) May 8, 2021
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
The modifications that security researcher Thomas made, that enabled him to adjust the functions of the AirTags and put a custom NFC link when the device is in lost mode, he also posted the video on Twitter to demonstrate his attempt and how he can present a custom link in place of default notification which is linked to “found.app.com” website. The hackers can easily control this flaw to target those who found a lost AirTags to wicked websites, instead of showing the information to the genuine user. However, researcher also said that he could not pass through in minutes rather it took him hours to make the changes and that he even bricked some AirTags before the successful attempt.
Apple Company is known for its strong privacy policies and it announced that security is the major feature in its AirTags at the time of rolling out last month, however, the tweet of Thomas also suggested the Cupertino company bring an update to block firmware-level alteration. Apple has not commented on this attempt, but it is hoped that soon Apple will fix these loopholes.
Read next: According to the data of Flurry, only 15% of users from all over the world and 6% from the US enabled app tracking since its launch