A security technician succeeds in hacking an AirTag

Toni Cortes

2 minutes

Airtag hacked

Ever since I learned that Apple was behind the project to launch the Air TagI thought it would be a somewhat "dangerous" device due to its ease of being able to "spy" on third parties. Perhaps that is why Apple has taken so long to put it on sale, looking for a way to avoid it through software.

Apple has had to modify iOS so that the iPhone warns you if they have put a "foreign" AirTag hidden in your car or in your purse. But if they manage to hack the tracker to avoid such warning, they can transform the Apple keychain into a powerful spy locator of people. It's only been ten days since its release, and it has already been hacked. Bad business, then.

If when Apple launches a new iPhone model, soon after we see videos on YouTube of users doing all kinds of "shit", to see what it "holds", the new model of the year, we can not expect anything else from a new device that costs 35 Euros instead of the thousand that an iPhone costs.

If you search on YouTube you can already see AirTags disassembled, modified like a credit card, frozen, boiled like a hard-boiled egg, sent by post to follow the route by GPS, etc, etc, etc ... But we have found a video, which is no longer so funny, but rather « disturbing".

Jailbroken AirTag

https://twitter.com/ghidraninja/status/1391165711448518658

The German Security Investigator Stack Smashing has posted a video on Twitter where it shows how it has been able to hack the AirTag microcontroller and modify elements of the device's internal tracking software.

We could say that he has managed to do a jailbreak to the AirTag and modify its internal software, and thus change the behavior of the device. For example, the security researcher was able to modify his NFC URL. In the video, you can see the behavior of an original AirTag and yours already jailbroken.

Hopefully Apple takes note and can "shield" access to the firmware Of the device. If not, a jailbroken AirTag could become a somewhat "dangerous" device for the privacy of third parties, who can be the victims of a control of their positioning without their consent.


Buy a domain
You are interested in:
The secrets to launching your website successfully

Leave a Comment

Your email address will not be published. Required fields are marked with *

*

*

  1. Responsible for the data: Miguel Ángel Gatón
  2. Purpose of the data: Control SPAM, comment management.
  3. Legitimation: Your consent
  4. Communication of the data: The data will not be communicated to third parties except by legal obligation.
  5. Data storage: Database hosted by Occentus Networks (EU)
  6. Rights: At any time you can limit, recover and delete your information.