AirTag Hacked?
First reported by The 8-Bit, German security researcher and YouTuber stacksmashing took to Twitter to share how they were able to break into the microcontroller of the AirTag. After this, they managed to change the URL when AirTag is in lost mode – the feature that lets you mark your AirTag as lost. In normal circumstances, AirTag will direct users to ‘found.apple.com’ when brought closer to an NFC-supported smartphone. However, with stacksmashing’s modified AirTag, the tracker takes users to a modified URL. Take a look at the video demo below:
(Cables only used for power) pic.twitter.com/DrMIK49Tu0 — stacksmashing (@ghidraninja) May 8, 2021 stacksmashing also demonstrated a harmless rickroll with the modified AirTag:
— stacksmashing (@ghidraninja) May 9, 2021 So, does this mean you should worry as an AirTag owner? Not really, at least at the moment. While this is technically the first jailbreaked AirTag, it requires physical access to the tracker. The process is not straightforward and stacksmashing says they bricked two AirTags during this project. However, this opens up a lot of possibilities for hackers to repurpose the AirTag for phishing attacks if you scan a modified AirTag. It won’t be surprising if Apple manages to block these AirTags out of the Find My network in the foreseeable future. The Cupertino giant may also roll out a software update soon to lock down the firmware to avoid these possibilities. Meanwhile, AirTag owners have also figured out a way to access Apple AirTag’s hidden developer mode.