A Security Researcher Just Hacked into an AirTag
Apple's new AirTag device has already gathered some attention since its recent release on April 30.
Just in the last week, someone took an AirTag apart and turned it into a thin card version that fits into a wallet. Now someone else has broken into an AirTag's microcontroller and modified elements of its item tracker software. The latter proudly posted their achievements on their Twitter page.
It seems like Apple needs to employ more people who think outside the box, and who could potentially improve its products.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag!
— stacksmashing (@ghidraninja) May 8, 2021
/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
The latest "hack" of the AirTag was carried out by a researcher who goes by Stack Smashing. The AirTag they worked on was jailbroken, which means that a malicious hacker could likewise break into the device's microcontroller and decide what they want it to do.
In their Twitter thread, Stack Smashing put up a short video showing a regular AirTag and their modified one. The regular one prompts the iPhone user to click on the Find My app, which is what it's meant to do, whereas the modified AirTag prompts the user to click on a separate URL, whichever one the hacker chooses to impose.
Built a quick demo: AirTag with modified NFC URL
— stacksmashing (@ghidraninja) May 8, 2021
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
This type of hack could be used for phishing, or any other type of cyberattack, something that's happening all too often in our digital age.
Apple may welcome the news with somewhat open arms, as the company sometimes entices software engineers and others to find vulnerabilities in new devices. Such schemes are called bounty programs, and a number of big companies use this system to improve their devices. For example, when Sony released its PS4, its bounty program offered rewards as high as $50,000 for anyone who could detect vulnerabilities.
Apple has yet to respond to the news that the AirTag can be hacked, so we'll have to wait and see what comes of it.