AirTag Successfully Hacked to Show Custom URL in Lost Mode - MacRumors
Skip to Content

AirTag Successfully Hacked to Show Custom URL in Lost Mode

by

The inevitable race to hack Apple's AirTag item tracker has reportedly been won by a German security researcher, who managed to break into the device's microcontroller and successfully modify its firmware.


Thomas Roth, aka Stack Smashing, shared his achievement in a tweet and explained that re-flashing the device's microcontroller had enabled him to change the URL for Lost Mode, so that it opens his personal website on a nearby iPhone or other NFC-enabled device instead of directly linking to an official Find My web address.

Managing to break into the microcontroller is a crucial hurdle to overcome to if the aim is to further manipulate the device's hardware. As The 8-Bit notes:

A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, "these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components."

Roth also shared a video comparing a normal ‌AirTag‌ to his modified device.


How the hack might be exploited in the wild is unclear at this time, but the fact that it can be done may open up avenues for the jailbreaking community to customize the device in ways Apple didn't intend. On a darker note, it could also present opportunities for bad actors to modify the ‌AirTag‌ software for the purposes of phishing and more.

That's assuming Apple isn't able to remotely block such a modified ‌AirTag‌ from communicating with the ‌Find My‌ network. Alternately, Apple might be able to lock down the firmware in a future ‌AirTag‌ software update. Watch this space.

Related Roundup: AirTag
Buyer's Guide: AirTag (Buy Now)

Popular Stories

Second Generation AirTag Feature Purple

AirTag 2 Receives Upgraded Feature With Firmware Update

Wednesday April 1, 2026 1:03 pm PDT by
Apple this week released the first firmware update for the AirTag 2, and the company has since shared release notes that explain what is new. According to Apple, the latest firmware "updates the unwanted tracking sound to more easily locate an unknown AirTag during Precision Finding." The firmware update also includes unspecified "bug fixes and other improvements." The new firmware has a ...
Read Full Article
Second Generation AirTag Feature

Apple Releases First Firmware Update for AirTag 2

Tuesday March 31, 2026 3:08 pm PDT by
Apple today released new firmware for its second-generation AirTag item trackers. The firmware has a 3.0.45 version number, up from 3.0.41, and it is the first firmware update that Apple has provided for the AirTag 2 that launched in January 2026. According to Apple, the AirTag 2 firmware updates the unwanted tracking sound to make it easier to locate an unknown AirTag during Precision...
Read Full Article25 comments
Four iPhone 18 Pro Colors Mock Feature

iPhone 18 Pro Launching in September With These 10 New Features

Monday April 20, 2026 7:13 am PDT by
While the iPhone 18 Pro and iPhone 18 Pro Max are not launching until September, there are already plenty of rumors about the devices. It was initially reported that the iPhone 18 Pro models would have fully under-screen Face ID, with only a front camera visible in the top-left corner of the screen. However, the latest rumors indicate that only one Face ID component will be moved under the...
Read Full Article46 comments

Top Rated Comments

K
krewger
65 months ago
So…. It’s been hacked to be a customizable nfc tag. Looks like a lot of trouble to go through. I could also just put new nfc tags inside the AirTag’s case and accomplish the same thing. Security on your personal device is already in place - the link is displayed on the phone asking if you want to open it first before visiting the URL. https://electronics.howstuffworks.com/nfc-tag.htm
Score: 21 Votes (Like | Disagree)
P
Puonti
65 months ago

The AirTag does not carry other data than its own position.
I don't believe this is accurate. As I understand it:

An AirTag does not know where it is. All it does for location tracking is transmit radio waves. Devices that do know where they are can detect the AirTag, and then tell the FindMy network "I am at this location, and hey there's an AirTag here".
Score: 18 Votes (Like | Disagree)
J
Jumpinbeans
65 months ago
Basically if you find an airtag and don't know why its there or who it belongs to and its not worth scanning as it may be compromised - smash it :)
Score: 17 Votes (Like | Disagree)
szw-mapple fan Avatar
szw-mapple fan
65 months ago

So if you lose your AirTag and then find it after one day for example, you cannot trust it anymore? Or if you find someones AirTag should you be also wary of placing it near your own phone? This gets interesting.
This won't apply to the vast vast majority of users. It's a security exercise that's just to prove it's possible. People who needs to be worried about this type of exploits won't be using any trackers of this type anyways.
Score: 14 Votes (Like | Disagree)
U
Unregistered 4U
65 months ago
Next up from security researchers
“SWALLOWING AIRTAGS COULD COMPROMISE YOUR DIGESTIVE SYSTEM… WHAT YOU NEED TO KNOW”
or
“if you glue your house key to your airtag and then lose it, AIRTAGS COULD ALLOW SOMEONE ENTRY INTO YOUR HOUSE!”
Score: 11 Votes (Like | Disagree)
centauratlas Avatar
centauratlas
65 months ago

This won't apply to the vast vast majority of users. It's a security exercise that's just to prove it's possible. People who needs to be worried about this type of exploits won't be using any trackers of this type anyways.
The scenario is: modify your airtag to have a URL to a compromised site (phishing or a drive by site like the ones patched in the last update). Anyone who then scans it can be compromise. Drop it at a company's corporate headquarters by the security office or by the CEO's (BoD's, executives, maintenance, food, coffee provider etc) car (or any other office) and then eventually someone will scan it. They then enter the office, join wifi etc with a compromised device which can scan for unprotected devices, monitor network traffic etc. Likewise, their credentials will be then compromised making further intrusions easier.

It is like any machine, with physical access most things can be compromised. This just increases the attack vectors for people who pick them up.
Score: 9 Votes (Like | Disagree)
Read All Comments