It only took ten days for a user to hack Apple’s new AirTags. Thomas Roth, operator of the stacksmashing channel, claims to have changed the URL stored in the device’s NFC module – indicating a huge security hole.
Tracker of AirTags can be manipulated
The integrated tracker of the AirTags, which can be used to return lost devices to their owners, is affected by the manipulation. In lost mode, a URL is transmitted via NFC from the tracker to all those smartphones that are held close enough to the AirTag. This URL is usually found.apple.com: Finders should receive information about who owns the AirTag and thus the device it is attached to.
Thomas Roth now claims via Twitter to have taken control of the AirTag’s microcontroller, which gave him the opportunity to reflash it. As a result, he was able to change the URL to be transmitted. This is problematic because owners of AirTags could deliberately manipulate the devices and – attached to objects – place them in public spaces to deceive finders. In this way, for example, the URL of a phishing site could be automatically transmitted, which could be used to obtain account data or similar.
Roth illustrates the danger with a video published on Twitter:
https://twitter.com/ghidraninja/status/1391336535929368576
Apple has not yet commented
It is currently unclear whether Apple will respond to the discovery. So far, the corporation has not yet commented. However, it can be assumed that it will be interested in closing the security hole. It remains to be seen whether an update will be released in the coming weeks or months.
