Apple AirTags, Now Jailbroken, Could Become Even Bigger Privacy Nightmare

Apple AirTags, Now Jailbroken, Could Become Even Bigger Privacy Nightmare

Apple has made a lot of noise about its commitment to privacy, hoping to draw a distinction between it and Google, which thrives on your data. The new Apple AirTag is not the first smart tracker, but it’s so good at what it does that it could actually be a privacy nightmare. This is an even greater concern now that a security researcher has shown that it’s possible to “jailbreak” an AirTag and change how the firmware works.

The AirTag is a low-power item tracker akin to a Tile or Chipolo. The idea is you attach an AirTag to something important, and you can find its approximate location from your phone. The AirTag can also use other iDevices like Bluetooth beacons, allowing you to track your tag even when it’s not nearby.

A German security researcher who goes by stacksmashing has shown that the nRF52 microcontroller inside the AirTag is programmable. It’s not easy to do, and stacksmashing bricked two of the $100 trackers before succeeding. But it’s possible to dump the firmware from the AirTag and upload a modified version.

Stacksmashing demonstrated the hack by changing the URL broadcast from the tag in Lost mode. Usually, an AirTag in Lost mode should beam an Apple tracker page via NFC. Thus, anyone who finds your lost tag will be able to follow that link and contact you. However, tapping an iPhone to stacksmashing’s modified tag sends the user to a different URL. So, it might be possible to use hacked AirTags to trick people into visiting malicious domains. The notification does show the URL, but people will be apt to trust AirTags. It could be a modern version of leaving boobytrapped flash drives laying around.

Built a quick demo: AirTag with modified NFC URL 😎

(Cables only used for power) pic.twitter.com/DrMIK49Tu0

— stacksmashing (@ghidraninja) May 8, 2021

Even without hacking, AirTags have some privacy advocates worried that Apple might have invented the ideal tool for stalkers. AirTags in Lost mode are supposed to produce a notification on iPhones when they’ve been in close proximity for a few hours, but Android users don’t get any such notification. The tag should also start beeping after several days to further reduce the likelihood someone will use it to follow around a person instead of a thing. However, the ability to modify the firmware could mean it’s possible to disable both of those security features. At that point, you’d have the perfect tool to spy on someone.

Apple has control over how AirTags interact with its network, so there might be some way to disable modified tags on the server side. The company has yet to respond to the latest developments.

Continue reading

MSI’s Nvidia RTX 3070 Gaming X Trio Review: 2080 Ti Performance, Pascal Pricing
MSI’s Nvidia RTX 3070 Gaming X Trio Review: 2080 Ti Performance, Pascal Pricing

Nvidia's new RTX 3070 is a fabulous GPU at a good price, and the MSI RTX 3070 Gaming X Trio shows it off well.

Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption
Review: The Oculus Quest 2 Could Be the Tipping Point for VR Mass Adoption

The Oculus Quest 2 is now available, and it's an improvement over the original in every way that matters. And yet, it's $100 less expensive than the last release. Having spent some time with the Quest 2, I believe we might look back on it as the headset that finally made VR accessible to mainstream consumers.

Review: DJI’s New Mini 2 May Be the Perfect Travel Drone
Review: DJI’s New Mini 2 May Be the Perfect Travel Drone

If you love traveling with your drone but hate lugging around a lot of gear, DJI's Mini 2 may be the perfect solution.

Ryzen 9 5950X and 5900X Review: AMD Unleashes Zen 3 Against Intel’s Last Performance Bastions
Ryzen 9 5950X and 5900X Review: AMD Unleashes Zen 3 Against Intel’s Last Performance Bastions

AMD continues its onslaught on what was once Intel's undisputed turf.