AirTag Successfully Hacked to Show Custom URL in Lost Mode - MacRumors
AirTag Successfully Hacked to Show Custom URL in Lost Mode

The inevitable race to hack Apple's AirTag item tracker has reportedly been won by a German security researcher, who managed to break into the device's microcontroller and successfully modify its firmware.


Thomas Roth, aka Stack Smashing, shared his achievement in a tweet and explained that re-flashing the device's microcontroller had enabled him to change the URL for Lost Mode, so that it opens his personal website on a nearby iPhone or other NFC-enabled device instead of directly linking to an official Find My web address.

Breaking into the microcontroller is a crucial hurdle to overcome if the aim is to further manipulate the device's hardware. As The 8-Bit notes:

A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, "these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components."

Roth also shared a video comparing a normal AirTag to his modified device.


How the hack might be exploited in the wild is unclear at this time, but the fact that it can be done may open up avenues for the jailbreaking community to customize the device in ways Apple didn't intend. On a darker note, it could also present opportunities for bad actors to modify the AirTag software for the purposes of phishing and more.

That's assuming Apple isn't able to remotely block such a modified AirTag from communicating with the Find My network. Alternately, Apple might be able to lock down the firmware in a future AirTag software update. Watch this space.
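
A defender-side check for the behaviour described above, as an added example that is not from the article or from Roth's work: it decodes an NFC NDEF URI record and accepts the link only if it points at the expected Find My host. The host `found.apple.com`, the helper names and the sample records are assumptions constructed for illustration.

```python
from urllib.parse import urlsplit

# URI identifier codes from the NFC Forum URI record definition (subset).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}
# Assumption, not stated on the page: genuine Lost Mode links use this host.
EXPECTED_HOST = "found.apple.com"

def parse_ndef_uri(record: bytes) -> str:
    """Decode one short NDEF record of well-known type 'U' into a URL."""
    if len(record) < 5:
        raise ValueError("record too short")
    header, type_len, payload_len = record[0], record[1], record[2]
    if not (header & 0x10) or (header & 0x08):  # need SR=1 (short), IL=0
        raise ValueError("only short records without an ID field are handled")
    if (header & 0x07) != 0x01 or record[3:3 + type_len] != b"U":
        raise ValueError("not a well-known URI record")
    payload = record[3 + type_len:3 + type_len + payload_len]
    if payload_len < 1 or len(payload) != payload_len:
        raise ValueError("empty or truncated payload")
    if payload[0] not in URI_PREFIXES:
        raise ValueError("unsupported URI identifier code")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")

def is_expected_lost_mode_url(url: str) -> bool:
    """Accept only https URLs whose exact hostname is EXPECTED_HOST."""
    parts = urlsplit(url)
    return (parts.scheme == "https" and parts.hostname == EXPECTED_HOST
            and parts.username is None and parts.port in (None, 443))

def make_record(code: int, rest: str) -> bytes:
    """Build a constructed sample record (MB, ME, SR set; TNF well-known)."""
    payload = bytes([code]) + rest.encode()
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload

# Constructed samples, not captured from any real tag.
SAMPLES = {
    "genuine": make_record(0x04, "found.apple.com/constructed-path"),
    "modified": make_record(0x04, "example.org/"),
    "lookalike": make_record(0x04, "found.apple.com.example.org/x"),
    "userinfo": make_record(0x04, "found.apple.com@example.org/"),
    "plain_http": make_record(0x03, "found.apple.com/constructed-path"),
}

def classify(samples=SAMPLES) -> dict:
    """Map each sample name to whether its URL passes the host check."""
    return {name: is_expected_lost_mode_url(parse_ndef_uri(rec))
            for name, rec in samples.items()}
```

The check compares the parsed hostname exactly, so a lookalike subdomain or a `user@host` form with the expected name in the wrong position is rejected along with the plainly modified URL.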

Top Rated Comments

65 months ago
So…. It’s been hacked to be a customizable nfc tag. Looks like a lot of trouble to go through. I could also just put new nfc tags inside the AirTag’s case and accomplish the same thing. Security on your personal device is already in place - the link is displayed on the phone asking if you want to open it first before visiting the URL. https://electronics.howstuffworks.com/nfc-tag.htm
Score: 21 Votes (Like | Disagree)
65 months ago

The AirTag does not carry other data than its own position.
I don't believe this is accurate. As I understand it:

An AirTag does not know where it is. All it does for location tracking is transmit radio waves. Devices that do know where they are can detect the AirTag, and then tell the FindMy network "I am at this location, and hey there's an AirTag here".
Score: 18 Votes (Like | Disagree)
65 months ago
Basically if you find an airtag and don't know why it's there or who it belongs to and it's not worth scanning as it may be compromised - smash it :)
Score: 17 Votes (Like | Disagree)
szw-mapple fan
65 months ago

So if you lose your AirTag and then find it after one day for example, you cannot trust it anymore? Or if you find someone's AirTag should you be also wary of placing it near your own phone? This gets interesting.
This won't apply to the vast vast majority of users. It's a security exercise that's just to prove it's possible. People who need to be worried about this type of exploit won't be using any trackers of this type anyways.
Score: 14 Votes (Like | Disagree)
65 months ago
Next up from security researchers
“SWALLOWING AIRTAGS COULD COMPROMISE YOUR DIGESTIVE SYSTEM… WHAT YOU NEED TO KNOW”
or
“if you glue your house key to your airtag and then lose it, AIRTAGS COULD ALLOW SOMEONE ENTRY INTO YOUR HOUSE!”
Score: 11 Votes (Like | Disagree)
centauratlas
65 months ago

This won't apply to the vast vast majority of users. It's a security exercise that's just to prove it's possible. People who need to be worried about this type of exploit won't be using any trackers of this type anyways.
The scenario is: modify your airtag to have a URL to a compromised site (phishing or a drive by site like the ones patched in the last update). Anyone who then scans it can be compromised. Drop it at a company's corporate headquarters by the security office or by the CEO's (BoD's, executives, maintenance, food, coffee provider etc) car (or any other office) and then eventually someone will scan it. They then enter the office, join wifi etc with a compromised device which can scan for unprotected devices, monitor network traffic etc. Likewise, their credentials will be then compromised making further intrusions easier.

It is like any machine, with physical access most things can be compromised. This just increases the attack vectors for people who pick them up.
Score: 9 Votes (Like | Disagree)