Categories
Popular posts

Apple’s brand new AirTag has already been hacked

Apple announced its new AirTag tracking accessory at the Spring Loaded event just over two weeks ago, and the first deliveries only started reaching the hands of avid customers last weekend.

Despite how new the product is, it seems that it has already been hacked by brilliant minds in the security research space.

In a brief teaser shared just this weekend by IT security researcher stacksmashing (@ghidraninja) on Twitter, we learn that the user successfully broke into an AirTag’s microcontroller:

In a series of follow-up Tweets, the researcher says that the hack allowed for the AirTag’s firmware to be dumped. Furthermore, it seems that the microcontroller can be re-flashed and that it’s possible to modify the NFC URL that appears in AirTag notifications to make custom messages appear on nearby iPhones.

A demo video the NFC URL tidbit can be found below:

It’s important to note that the AirTag is, in and of itself, a limited device. With that in mind, the capabilities of a hacked AirTag would also be limited. Another thing worth noting is the difficulty of hacking an AirTag in the first place. As shown in the images, it appears that the logic board of the AirTag had to be gutted from its shell and attached to another board via wires to tap into specific parts of the device.

It remains to be seen what other capabilities would be possible with a hacked AirTag, but one possibility would be changing the behavior of a basic AirTag to exhibit the same unique animations as those packed with the expensive Hermès-branded accessories. This is merely speculation, however.

We expect that we’ll probably hear more as the research continues. Should anything surface that might be of interest to the general public, we’ll continue to keep our readers apprised.

Are you excited about just how quickly the AirTag device has been pwned after its release? Let us know in the comments section down below.

Leave a Reply

Your email address will not be published. Required fields are marked *