Apple AirTag Vulnerability Could Allow Hackers to Modify its Firmware
Apple recently released its AirTag Bluetooth tracker that helps users find their lost items. However, Thomas Roth, a German researcher, reported that a security loophole found in the AirTag devices could allow attackers to make modifications to its firmware. Roth demonstrated this by using reverse engineering to hack an AirTag unit. In a Twitter post, the researcher says that he managed to manipulate the default NFC link by re-flashing the device’s microcontroller.
According to Apple, its AirTag devices have been designed with emphasis on security and privacy, but this demonstration from Thomas Roth appears to be a successful attempt at jailbreaking an AirTag unit.
According to Roth, once he broke into the microcontroller of his AirTag device, he managed to reprogram its firmware and make modifications to it.
The changes made to the firmware allowed Roth to add a custom NFC link to the Lost Mode of the device and tweak other functionality. He uploaded a video on Twitter demonstrating the jailbreaking attempt.
Under normal circumstances, when an AirTag is in Lost Mode, scanning it with an NFC-capable smartphone (this includes not only iPhones but Android phones as well) triggers a notification. The notification contains a link to Apple’s found.apple.com site and shows information about the lost device’s owner.
Once an AirTag has been successfully modified in this way, however, attackers could target the devices of people who find the lost device by redirecting them to malicious sites rather than to found.apple.com. Roth admits in his tweets that the hacking process takes a considerable amount of time, and he also mentions that several AirTags got bricked before he finally succeeded with the jailbreaking.
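For anyone building a tag-scanning or link-triage tool, the check that follows from this is to confirm that a scanned Lost Mode link really points at found.apple.com before it is opened. The sketch below is an added example, not code from Roth or Apple; the function names and sample URLs are constructed for illustration, and the only value taken from the article is the host name.

```python
from urllib.parse import urlsplit

# Host the article says a genuine Lost Mode notification links to.
EXPECTED_HOST = "found.apple.com"


def is_expected_lost_mode_link(url: str) -> bool:
    """Return True only if `url` is an https link whose host is exactly
    found.apple.com. Lookalike hosts, embedded credentials and unusual
    ports are rejected rather than normalised."""
    try:
        parts = urlsplit(url.strip())
        host = parts.hostname   # lower-cased, without userinfo or port
        port = parts.port       # raises ValueError on a malformed port
    except ValueError:
        return False
    if parts.scheme != "https":
        return False
    # "https://found.apple.com@other.example/" has host other.example;
    # any userinfo at all is treated as suspicious.
    if parts.username is not None or parts.password is not None:
        return False
    if port not in (None, 443):
        return False
    if not host:
        return False
    # Exact match only: a suffix or substring test would accept
    # "found.apple.com.other.example".
    return host.rstrip(".") == EXPECTED_HOST


def triage(urls):
    """Map each scanned URL to 'expected' or 'suspicious'."""
    return {u: "expected" if is_expected_lost_mode_link(u) else "suspicious"
            for u in urls}


if __name__ == "__main__":
    # Constructed sample links, not captured from a real tag.
    samples = [
        "https://found.apple.com/example?id=constructed",
        "https://found.apple.com.attacker.example/example",
        "https://found.apple.com@attacker.example/example",
        "http://found.apple.com/example",
    ]
    for url, verdict in triage(samples).items():
        print(f"{verdict:10} {url}")
```

A link that fails the check says nothing about who modified the tag; it only shows that the tag is not pointing where an unmodified AirTag would.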
Despite the focus on privacy and security in the design of the AirTag devices, the German researcher’s discovery suggests that there’s probably a need for Apple to make changes to the AirTag firmware in order to fix the loopholes and prevent hackers from exploiting them in the future.
At the time of writing, Apple has yet to comment on the discovered loopholes or on how the issue will be addressed.
The AirTags are the latest addition to the Apple devices ecosystem and part of the Find My network, allowing users to find their lost items such as keys, bags, wallets, etc.