The Apple AirTag was released almost ten days ago. Since then, enthusiasts have turned AirTag into a thin card that fits in a wallet, and raised a serious security issue – with AirTag, it has proven “frighteningly easy” to chase an unsuspecting victim. Now the first security expert was able to hack the accessory.
The researcher, nicknamed Stack Smashing, wrote on his Twitter page that he was able to “hack the AirTag microcontroller” and change the elements of the software. For example, a security researcher was able to change his NFC URL. The video compares a regular AirTag with a modified one.
Built a quick demo: AirTag with modified NFC URL ???? (Cables only used for power) pic.twitter.com/DrMIK49Tu0
– stacksmashing (@ghidraninja) May 8, 2021
While a regular AirTag opens the official Find My … website, a modified beacon opens a third-party URL that can be used by attackers for phishing purposes, for example.