Apple AirTag hacked by security researcher: Report


London, May 9 (IANS): German security researcher Stack Smashing said that he was able to "break into the microcontroller of the AirTag" and modified elements of the item tracker software.

AppleAAirTag is a small iPhone accessory that helps keep track of and find the items that matter most with Apple's Find My app.

Apple is well known for having high levels of security built into its products, which has led to the new AirTags becoming a target for security researchers, AppleInsider reported.

After a few hours and the destruction of multiple tags in the process, the security researcher made firmware dumps and eventually discovered the microcontroller could be reflashed, the report said.

In short, the researcher proved it was possible to alter the programming of the microcontroller, to change how it functions.

An initial demonstration showed an AirTag with a modified NFC URL that, when scanned with an iPhone, displays a custom URL instead of the usual "found.apple.com" link.

While only in its early stages, the research shows that it takes a lot of know-how and effort to hack AirTag in the first place.

During a demonstration video, the modified AirTag is shown attached to cables, which are claimed to provide just power to the device.

Given that AirTag relies on the secure Find My network for its Lost Mode to function, it seems likely that Apple would roll out some form of server-side defense against any maliciously modified versions, the report said.

Since its launch, a hidden debug mode has been found in AirTag, providing developers with considerably more information than users would normally need about the device's hardware, it added.

 

  

Top Stories


Leave a Comment

Title: Apple AirTag hacked by security researcher: Report



You have 2000 characters left.

Disclaimer:

Please write your correct name and email address. Kindly do not post any personal, abusive, defamatory, infringing, obscene, indecent, discriminatory or unlawful or similar comments. Daijiworld.com will not be responsible for any defamatory message posted under this article.

Please note that sending false messages to insult, defame, intimidate, mislead or deceive people or to intentionally cause public disorder is punishable under law. It is obligatory on Daijiworld to provide the IP address and other details of senders of such comments, to the authority concerned upon request.

Hence, sending offensive comments using daijiworld will be purely at your own risk, and in no way will Daijiworld.com be held responsible.