Apple AirTag was released almost ten days ago. Since then, enthusiasts have turned AirTag into a thin card that fits in a wallet and raised a serious security issue – with AirTag, it has proven “frighteningly easy” to chase an unsuspecting victim. Now the first security expert was able to hack the accessory.
The researcher, nicknamed Stack Smashing, wrote on his Twitter page that he was able to “hack the AirTag microcontroller” and change the elements of the software. For example, a security researcher was able to change his NFC URL. The video compares a regular AirTag with a modified one.
A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, “these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components.”
While a regular AirTag opens the official Find My … website, a modified beacon opens a third-party URL that can be used by attackers for phishing purposes, for example.
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021