A wake up call for Apple
Apple is a company that emphasizes more on security and privacy in all its products. The recently announced Bluetooth tracker “Apple AirTags” also embodies the same principle within itself.
Now Apple AirTags has reportedly been hacked by a German cybersecurity researcher, Thomas Roth. The researcher used reverse-engineering on the latest Apple device’s microcontroller to do this. Going by the name “stacksmashing” on twitter, he claimed that he was able to successfully hack the Apple AirTag by breaking into its microcontroller.
After gaining access to the microcontroller, he reprogrammed the AirTag and modified its firmware.
The changes made by the security researcher allowed him to tweak the functionality of the AirTag and put a custom NFC link when it is in the Lost Mode, as shown in a video posted on Twitter.
Normally, when the AirTag is in the Lost Mode, it shows a notification when scanned by an NFC-capable smartphone (both Android or iOS), with a link to the found.apple.com website (part of the Find My network) to display information about the owner.
The hackers could be able to leverage the loopholes showcased on Twitter to target those who found the lost AirTag to malicious websites, instead of displaying information about the user.
The researcher did mention that it took hours for him to bring modifications. He also said that he bricked a couple of AirTags before reaching success.
Apple claimed privacy and security as the core features of the AirTag at the time of its official announcement last month. However, the tweets posted by Roth suggest that the Cupertino company may need to bring an update to block firmware-level modification.
There is no official update from Apple on this issue, and we hope they release an update to AirTags that will fix this hack.
Author
