A security researcher has posted a video claiming to show a hacked Apple AirTag device, which sports a modified Near Field Communication (NFC) URL.
Apple’s long-awaited location-tracking device was released last month. The button-sized wireless device is designed to be attached to often-misplaced possessions like keys. When you can’t remember where you left the AirTag’ed item, you can use your smartphone to make it emit a noise, making it easier to locate the item.
Even as some are finding nefarious uses for the device, one researcher has demonstrated how he managed to break into one and modified elements of the item tracker software.
- We've put together a list of the best endpoint protection software
- Take a look at these best malware removal software
- Check our list of the best firewall apps and services
The German researcher, known as Stack Smashing, has posted a series of tweets claiming that was able to break into the microcontroller of the AirTag to re-flash it to do his bidding, all in a matter of hours.
Jailbroken AirTag
After gaining control over the microcontroller, the researcher tweaked the URL that appears within a notification when an AirTag in the Lost Mode is tapped on by an NFC-enabled device.
Instead of Apple’s Find My website, the researcher uses his hacked AirTag to spit out a different URL, which can reportedly be used for phishing or for delivering any kind of malware.
Since the researcher says the device can be reflashed, changing the NFC URL is perhaps just the first and the simplest demonstration of what bad actors can do with a jailbroken AirTag tracker.
But for what it’s worth, the process isn’t as straightforward as it sounds. The researcher admits to bricking two AirTags in order to break into the microcontroller.
- Protect your devices with these best antivirus software
Via 9to5mac
