You knew it was just a matter of time before someone hacked Apple's AirTags, but it might have happened sooner than you expected. 9to5Mac reports that security researcher Thomas Roth has already cracked the microcontroller for Apple's item tracker, dumping its firmware and discovering that you can re-flash it for your own purposes.
Roth demonstrated the
possibilities by modifying the NFC web address (the one that appears when you
tap an AirTag) to his personal site. As you might guess, that raises the
potential for hacked AirTags that send users to malware and phishing sites.
The practical threat to
users are likelysmall. An attacker would have to obtain someone's existing
AirTag, modify it and place it such that an unsuspecting victim would find it
and want to tap it. That's also presuming that Apple doesn't have a way to
block modified AirTags, as 9to5 suggested. Still, this suggests
you'll want to have an up-to-date phone and a reasonable degree of caution
before you tap any NFC-equipped tracker.
The hack may offer more
potential to enthusiasts. You could point to websites that automatically launch
certain apps, such as the App Store or Apple Music. That's not including
functionality beyond NFC. This concept isn't
new, but the likely ubiquity of AirTags could make it relatively popular.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳
— stacksmashing (@ghidraninja) May 8, 2021
/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
Comments
Post a Comment