Thomas Roth, a computer security researcher, posted a video on Twitter in which he shows he has cracked Apple’s AirTags, the small devices for locating lost and found items. presented last April and that we have reviewed here.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! ????????????
/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph— stacksmashing (@ghidraninja) May 8, 2021
The researcher, who on the Net calls himself Ghidra Ninja and called Stack Smashing his YouTube channel, made two short videos to show that he managed to break the software and hardware protections of the AirTags and download the software created by Apple to manage them (the “firmware”), then modify it and reload it on another AirTag ( as explained, another 2 broke during the attempt). The possibility not only to modify the firmware but above all to reload it on the AirTags is the crucial step, the one that creates the real risk because it gives the possibility to hack them, making them perform unexpected and decidedly unauthorized operations by Apple.
Be careful when scanning untrusted AirTags or this might happen to you???? pic.twitter.com/LkG5GkvR48
— stacksmashing (@ghidraninja) May 9, 2021
As shown in one of the videos posted on Twitter, Roth has changed the behavior of the AirTag when it is read by the NFC sensor of a smartphone. In practice, when someone finds the AirTags, they can detect them if they have a mobile phone equipped with an NFC reader (all iPhones and Android devices in recent years have them) and see a message appear on the screen that allows them to connect to an Apple web page. dedicated to the “Where is” service. Which is what allows you to locate lost AirTags and associated items.
The researcher has modified this message and so in the AirTags with hacked firmware it is possible to show another web address, different from the one provided by Apple, to the person who hooks the NFC signal. An attacker could also modify an AirTag and replace the link with one of a malicious site to compromise the phone or a site disguised as the Apple site, perhaps to carry out a phishing attack.
The risk is currently only theoretical, because any attackers must have physical access to the AirTags and the necessary technical knowledge to be able to download and modify the software. The procedure for reloading the firmware is even more complicated and difficult, it requires a small laboratory and makes the operation not within everyone’s reach. Furthermore, the attack will probably be made impossible: in the future Apple could in fact add software or hardware protection modes that detect if the AirTags have been tampered with, so as to block them remotely.
In these first days of availability of the AirTags, many people have tried to find particular uses and not foreseen by Apple, for better or for worse. Although the company has specifically said that they are not suitable for tracking animals or children, there are those who have hooked them to the dog or cat, or those who have modified and filed them to make them fit better in the wallet, or even those who have pierced them to create a slot in the disc without breaking the delicate internal electronic components, so as to be able to attach them with a lanyard to the house keys or backpack without the need for other accessories.
Then there are those who have figured out how reset to disable them and make them usable by third parties; according to the Washington Postmoreover, Apple would not have “done enough” to prevent them from being used for stalking.