The Apple AirTag has already been hacked by security researchers even though it launched almost ten days ago. We’ve already seen people trying to drill holes into the tracker to avoid buying accessories, however, now something more serious has been discovered. A security researcher was able to hack the accessory and modify its NFC URL for lost mode. 

© onur-binay-unsplash

According to 8Bit, a German security researcher Stack Smashing tweeted that he was able to “break into the microcontroller of the AirTag” and modified elements of the item tracker software.

“A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals." According to AllAboutCircuits, “these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components.”

The security researcher managed to jailbreak the AirTag and had the ability to decide what the device wanted to do. In the video, the security researcher modified its NFC URL and compared it to a normal AirTag to show how it works. The regular ArTag opens the FindMy website, however the modified tracker could open any URL, which could be used for phishing attacks and other nefarious purposes. 

© Twitter_Ghidraninja

It is still unknown whether Apple will be able to fix this problem or implement a server-side blocking mechanism to prevent the AirTag from sending targeted users to custom URLs or prevent modified AirTags from accessing the Find My Network. If you’re wondering how it works, check out the video below that shows the comparison between the two AirTags. 

Built a quick demo: AirTag with modified NFC URL

(Cables only used for power) pic.twitter.com/DrMIK49Tu0

Source: 8Bit

View the full article