Apple's recently released AirTags are object-location finders (smart trackers) that users can attach to items they often misplace. A German security researcher known as stacksmashing has succeeded in jailbreaking two Apple AirTags: he dumped their firmware and reflashed the microcontroller so that the tag opens a link not authorized by Apple.
Yes, you read that right. By analyzing the functions in the dumped firmware, stacksmashing was able to reprogram the microcontroller with modified firmware. That raises real security questions about the AirTags.
The first successful attempt at jailbroken AirTags
The researcher was able to modify the link that an AirTag presents in Lost Mode. Once an AirTag has been put into Lost Mode, tapping it with any NFC-enabled smartphone pops up a notification with a link to found.apple.com. The page behind that link shows the contact information the owner chose to share, which is how a finder can reach the owner and return the item.
Here, the researcher dumped the firmware of the microcontroller and replaced the Apple link with another link, stacksmashing.net, as seen in the video he tweeted. This seems harmless on its own, but it opens up an avenue for targeted malware attacks.
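As an added example (not code from the original article and not stacksmashing's tooling), the following Python parses the kind of NFC NDEF URI record a Lost Mode tag hands a phone and checks that the URL really points at found.apple.com before anything opens it. The records and URLs are constructed for the example; a real AirTag's URL also carries identifying query parameters that are omitted here, and the prefix table is the NFC Forum URI record type definition.

```python
"""
Parse an NFC Forum NDEF URI record (the kind an AirTag hands a phone in
Lost Mode) and verify the URL points at Apple's lost-item domain.
All records built below are constructed for this example, not captured
from a real AirTag.
"""
from urllib.parse import urlsplit

# URI identifier codes from the NFC Forum URI Record Type Definition (subset).
URI_PREFIXES = {
    0x00: "",
    0x01: "http://www.",
    0x02: "https://www.",
    0x03: "http://",
    0x04: "https://",
}

TNF_WELL_KNOWN = 0x01          # Type Name Format: NFC Forum well-known type
EXPECTED_HOST = "found.apple.com"


def build_uri_record(uri: str) -> bytes:
    """Encode one short NDEF URI record (MB=ME=SR=1, TNF=well-known, type 'U')."""
    code = 0x00
    # Longest matching prefix wins so "https://www." is not encoded as "https://".
    for c, prefix in sorted(URI_PREFIXES.items(), key=lambda kv: -len(kv[1])):
        if prefix and uri.startswith(prefix):
            code, uri = c, uri[len(prefix):]
            break
    payload = bytes([code]) + uri.encode("utf-8")
    if len(payload) > 255:
        raise ValueError("short-record form only supports payloads up to 255 bytes")
    header = 0x80 | 0x40 | 0x10 | TNF_WELL_KNOWN   # MB | ME | SR | TNF
    return bytes([header, 1, len(payload)]) + b"U" + payload


def parse_uri_record(record: bytes) -> str:
    """Decode the first NDEF record in `record` and return the URI it carries."""
    header = record[0]
    tnf = header & 0x07
    short = bool(header & 0x10)     # SR: 1-byte payload length
    has_id = bool(header & 0x08)    # IL: ID length field present
    pos = 1
    type_len = record[pos]
    pos += 1
    if short:
        payload_len = record[pos]
        pos += 1
    else:
        payload_len = int.from_bytes(record[pos:pos + 4], "big")
        pos += 4
    id_len = 0
    if has_id:
        id_len = record[pos]
        pos += 1
    rtype = record[pos:pos + type_len]
    pos += type_len + id_len        # skip the type and the optional ID
    payload = record[pos:pos + payload_len]
    if tnf != TNF_WELL_KNOWN or rtype != b"U":
        raise ValueError("not a well-known URI record")
    if len(payload) != payload_len or payload_len == 0:
        raise ValueError("truncated or empty payload")
    prefix = URI_PREFIXES.get(payload[0])
    if prefix is None:
        raise ValueError(f"unsupported URI identifier code {payload[0]:#x}")
    return prefix + payload[1:].decode("utf-8")


def is_apple_lost_mode_url(uri: str) -> bool:
    """True only for https URLs whose host is exactly found.apple.com.

    urlsplit().hostname strips userinfo and lower-cases the host, so
    'https://found.apple.com@evil.example/' and
    'https://found.apple.com.evil.example/' are both rejected."""
    parts = urlsplit(uri)
    return parts.scheme == "https" and parts.hostname == EXPECTED_HOST


if __name__ == "__main__":
    # Constructed records: what a stock tag would present, and a reflashed one.
    for uri in ("https://found.apple.com/", "https://stacksmashing.net/"):
        rec = build_uri_record(uri)
        decoded = parse_uri_record(rec)
        print(rec.hex(), "->", decoded, "OK" if is_apple_lost_mode_url(decoded) else "UNEXPECTED HOST")
```

A phone that follows the tag's link without such a check is exactly what the reflashed firmware relies on; the check is cheap because the NDEF payload is only a prefix byte plus the URL text.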
An attacker could reprogram a tag to point at a malicious site and leave it where a high-value target will find it, a variant of the well-known "seed the parking lot with flash drives" technique: the finder taps the tag expecting Apple's lost-item page and is sent somewhere else instead.
Another potential privacy issue with the AirTags is their use as a stalker's tool: an attacker could plant an AirTag on a victim and then look for ways to disable the "foreign AirTag" notification.
For the uninitiated, if an AirTag travels with an iPhone it isn't paired with, the iPhone will soon start showing notifications about the nearby tag. This only helps if the victim has an iPhone; an Android smartphone would not trigger the notification.
Another countermeasure put forth by Apple is the audible alert an AirTag starts making after about three days away from its owner. An attacker who can reflash the firmware could potentially suppress this alert, making the tag a perfect stalker's tool.
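The following is an added illustration, not Apple's algorithm and not code from the article, of the idea behind the "foreign AirTag" notification: an unknown tracker that keeps being seen while the observer moves between places is flagged, while one that only ever shows up at a single spot (a neighbour's tag, say) is not. The sightings, tracker identifiers, coordinates and thresholds are all constructed assumptions.

```python
"""
Heuristic 'unknown tracker is moving with me' detector. This is a
simplified stand-in for the logic behind an unwanted-tracking alert,
not Apple's implementation. All data below is constructed.
"""
from __future__ import annotations

from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt
from typing import Iterable


@dataclass(frozen=True)
class Sighting:
    """One BLE sighting of a tracker as recorded by the observer's phone."""
    t: int          # seconds since observation started (constructed)
    tracker: str    # identifier the observer assigned to the advertiser (constructed)
    lat: float
    lon: float


def haversine_m(lat1: float, lon1: float, lat2: float, lon2: float) -> float:
    """Great-circle distance in metres between two WGS84 points."""
    r = 6_371_000.0
    p1, p2 = radians(lat1), radians(lat2)
    dp = p2 - p1
    dl = radians(lon2 - lon1)
    h = sin(dp / 2) ** 2 + cos(p1) * cos(p2) * sin(dl / 2) ** 2
    return 2 * r * asin(sqrt(h))


def is_following(sightings: list[Sighting],
                 min_sightings: int = 3,
                 min_span_s: int = 2 * 3600,
                 min_travel_m: float = 500.0) -> bool:
    """True if one tracker was seen often enough, over a long enough
    period, and while the observer covered real distance.

    The distance criterion is what separates a tag travelling with the
    observer from a static tag the observer merely passes repeatedly."""
    if len(sightings) < min_sightings:
        return False
    s = sorted(sightings, key=lambda x: x.t)
    if s[-1].t - s[0].t < min_span_s:
        return False
    first = s[0]
    travelled = max(haversine_m(first.lat, first.lon, x.lat, x.lon) for x in s)
    return travelled >= min_travel_m


def flag_unknown_trackers(sightings: Iterable[Sighting], known: set[str]) -> list[str]:
    """Group sightings by tracker, skip the observer's own paired tags,
    and return the identifiers that appear to be travelling with the observer."""
    by_tracker: dict[str, list[Sighting]] = {}
    for s in sightings:
        if s.tracker in known:
            continue                     # the observer's own AirTag: never alert
        by_tracker.setdefault(s.tracker, []).append(s)
    return sorted(t for t, ss in by_tracker.items() if is_following(ss))


# Constructed day: the observer goes home -> office -> cafe -> home.
HOME, OFFICE, CAFE = (52.5200, 13.4050), (52.5300, 13.4200), (52.5400, 13.4400)
SIGHTINGS = [
    Sighting(0,     "tag-A", *HOME),    # planted tag: turns up everywhere the observer goes
    Sighting(3600,  "tag-A", *OFFICE),
    Sighting(7200,  "tag-A", *CAFE),
    Sighting(10800, "tag-A", *HOME),
    Sighting(0,     "tag-B", *HOME),    # neighbour's tag: only ever seen at home
    Sighting(10800, "tag-B", *HOME),
    Sighting(12000, "tag-B", *HOME),
    Sighting(7200,  "tag-C", *CAFE),    # stranger's tag glimpsed once at the cafe
    Sighting(0,     "my-tag", *HOME),   # the observer's own paired tag
    Sighting(3600,  "my-tag", *OFFICE),
    Sighting(7200,  "my-tag", *CAFE),
]

if __name__ == "__main__":
    print("suspicious trackers:", flag_unknown_trackers(SIGHTINGS, known={"my-tag"}))
```

The three thresholds are the tunable part: too short a span or too small a distance produces alerts for every tag on a crowded train, too large a span gives a stalker hours of unnoticed tracking. Note also that this runs on the observer's phone; on a platform that ships no such detector (the article's Android case) the victim gets nothing, whatever the thresholds.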
Now that the AirTag has been jailbroken, it is up to Apple to block such tags from its Find My network, since without access to that network the AirTag is just a chunk of electronics attached to an object.
Image Courtesy: stacksmashing