AirTag security flaw allows bad actors to exploit its software by hacking the device's microcontroller

May 10, 2021 06:39 GMT

A security researcher discovered that Apple's AirTag can be hacked and its software modified. Using a microcontroller, he uncovered elements that can be reprogrammed to alter basic functions.

Apple is known for using high standards of protection in its devices, so the latest AirTags have inevitably become a priority for security researchers. Released a week ago, the devices appear to have some critical vulnerabilities.

German security researcher "Stack Smashing" stated on Twitter that he was able to "break into the microcontroller" of the AirTag. The tweet thread, which was first published by The 8-Bit on Saturday, contains some information about the researcher's investigation of the unit.

Yet hacking AirTag is not as easy as you might think

The researcher demonstrated that it is possible to modify the microcontroller's programming and thus its behavior. He made firmware dumps and destroyed several tags in the process, only to discover that the microcontroller could be reflashed.

An iPhone was used to scan an AirTag whose NFC URL had been modified; the scan displayed a custom URL instead of the usual "found.apple.com" link.

Although the research is still in its initial stages, it shows that hacking AirTag requires a lot of knowledge and effort. A demonstration video shows the modified device connected to cables, although these are claimed to solely provide power to the device.

Similar methods could potentially be used for malicious reasons, but it is unknown how far this can be taken at this point.

Given that AirTag's Lost Mode relies on Apple's secure Find My network, it is likely that Apple will deploy server-side protection against any maliciously modified versions.

AirTag has had a secret debug mode since its launch, providing developers with much more knowledge about the device's hardware than users would usually need.