Apple (opens in new tab)’s long-awaited location-tracking device was released last month. The button-sized wireless device is designed to be attached to often-misplaced possessions like keys. When you can’t remember where you left the AirTag’ed item, you can use your smartphone (opens in new tab) to make it emit a noise, making it easier to locate the item.
Even as some are finding nefarious uses (opens in new tab) for the device, one researcher has demonstrated how he managed to break into one and modified elements of the item tracker software.
We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.
>> Click here to start the survey in a new window (opens in new tab)<<
- We've put together a list of the best endpoint protection software (opens in new tab)
- Take a look at these best malware removal software (opens in new tab)
- Check our list of the best firewall apps and services (opens in new tab)
The German researcher, known as Stack Smashing, has posted a series of tweets claiming that was able to break into the microcontroller of the AirTag to re-flash it to do his bidding, all in a matter of hours.
After gaining control over the microcontroller, the researcher tweaked the URL that appears within a notification when an AirTag in the Lost Mode is tapped on by an NFC-enabled device.
Instead of Apple’s Find My website, the researcher uses his hacked AirTag to spit out a different URL, which can reportedly be used for phishing or for delivering any kind of malware.
Since the researcher says the device can be reflashed, changing the NFC URL is perhaps just the first and the simplest demonstration of what bad actors can do with a jailbroken AirTag tracker.
But for what it’s worth, the process isn’t as straightforward as it sounds. The researcher admits to bricking two AirTags in order to break into the microcontroller.
- Protect your devices with these best antivirus software (opens in new tab)
Via 9to5mac (opens in new tab)