A New AirTags Hack Ends in a Malicious Dwelling As a substitute of the Return to Owner Page

Apple AirTag Key Ring attached to car keys
Justin Duino

Apple AirTags arrived with much fanfare (and a few trepidation). We’ve already considered teardowns, drill hacks, and even conceal-and-search video games. Nevertheless now a security researched proved it’s that you may presumably perchance well presumably additionally imagine to hack an AirTag and commerce it to unusual custom sites when phones can its NFC rate.

That bit gained’t seem worship an infinite deal, nonetheless it undoubtedly’s valuable to undergo in mind how AirTags work whenever you don’t personal an iPhone. While you happen upon an AirTag and you’re an Android user, you may presumably perchance well presumably additionally faucet it with NFC to begin Apple’s return page. Confidently, as a Apt Samaritan, you’ll assist in returning the instrument.

Nevertheless with a custom-loaded pickle, a low actor may presumably perchance well theoretically trick a properly-meaning person into scanning a cost and opening a malicious pickle. That can presumably perchance well consequence in devastating results, especially if the mobile phone in request isn’t fully as much as this level.

As noticed by The 8-Bit, security study “stacksmashing” posted the proof of concept on Twitter. He managed to interrupt into the AirTag’s microcontroller, and reflash the instrument to commerce its NFC internet page knowledge.

Built a transient demo: AirTag with modified NFC URL 😎

(Cables most efficient outmoded for energy) pic.twitter.com/DrMIK49Tu0

— stacksmashing (@ghidraninja) Might perhaps presumably well also 8, 2021

Now the fresh proof of ideas are now not frequently conclude of world demonstrations. AirTags are exhausting to gain ahold of within the meanwhile, and so that they’re now not principal low-price. It’s loads of effort and money to expend, most efficient to eliminate the likelihood that someone wouldn’t beautiful pocket the instrument, or consume NFC faucet to gain admission to the positioning. Nevertheless it undoubtedly’s level-headed being concerned on the opposite hand, and may presumably perchance gain you deem twice about scanning that errant AirTag you found on the avenue. Which doesn’t assist Apple’s promise to retrieve your missing AirTag within the long term.

by skill of The 8-Bit

Learn More