AirTag Successfully Hacked to Show Custom URL in Lost Mode
The inevitable race to hack Apple's AirTag item tracker has reportedly been won by a German security researcher, who managed to break into the device's microcontroller and successfully modify its firmware.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳 /cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph — stacksmashing (@ghidraninja) May 8, 2021
Thomas Roth, aka Stack Smashing, shared his achievement in a tweet and explained that re-flashing the device's microcontroller had enabled him to change the URL for Lost Mode, so that it opens his personal website on a nearby iPhone or other NFC-enabled device instead of directly linking to an official Find My web address.
Breaking into the microcontroller is a crucial hurdle to overcome if the aim is to further manipulate the device's hardware. As The 8-Bit notes:
A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, "these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components."
Roth also shared a video comparing a normal AirTag to his modified device.
How the hack might be exploited in the wild is unclear at this time, but the fact that it can be done may open up avenues for the jailbreaking community to customize the device in ways Apple didn't intend. On a darker note, it could also present opportunities for bad actors to modify the AirTag software for the purposes of phishing and more.
That's assuming Apple isn't able to remotely block such a modified AirTag from communicating with the Find My network. Alternatively, Apple might be able to lock down the firmware in a future AirTag software update. Watch this space.