The inevitable race to hack Apple's AirTag item tracker has reportedly been won by a German security researcher, who managed to break into the device's microcontroller and successfully modify its firmware.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳 /cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph — stacksmashing (@ghidraninja) May 8, 2021
Thomas Roth, aka Stack Smashing, shared his achievement in a tweet and explained that re-flashing the device's microcontroller had enabled him to change the URL for Lost Mode, so that it opens his personal website on a nearby iPhone or other NFC-enabled device instead of directly linking to an official Find My web address.
Breaking into the microcontroller is a crucial hurdle to overcome if the aim is to further manipulate the device's hardware. As The 8-Bit notes:
A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, "these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components."
Roth also shared a video comparing a normal AirTag to his modified device.
Built a quick demo: AirTag with modified NFC URL 😎 (Cables only used for power) pic.twitter.com/DrMIK49Tu0 — stacksmashing (@ghidraninja) May 8, 2021
How the hack might be exploited in the wild is unclear at this time, but the fact that it can be done may open up avenues for the jailbreaking community to customize the device in ways Apple didn't intend. On a darker note, it could also present opportunities for bad actors to modify the AirTag software for the purposes of phishing and more.
That's assuming Apple isn't able to remotely block such a modified AirTag from communicating with the Find My network. Alternatively, Apple might be able to lock down the firmware in a future AirTag software update. Watch this space.
Top Rated Comments
An AirTag does not know where it is. All it does for location tracking is transmit radio waves. Devices that do know where they are can detect the AirTag, and then tell the FindMy network "I am at this location, and hey there's an AirTag here".
“SWALLOWING AIRTAGS COULD COMPROMISE YOUR DIGESTIVE SYSTEM… WHAT YOU NEED TO KNOW”
or
“if you glue your house key to your airtag and then lose it, AIRTAGS COULD ALLOW SOMEONE ENTRY INTO YOUR HOUSE!”