Apple’s Bluetooth-based item tracker, the AirTag, was launched last month after a lot of speculation and rumours around the device. Within a few weeks of its launch, the Apple AirTag has been found to have security loopholes that could allow hackers to modify its firmware. A security researcher on Twitter claimed that he was able to modify the default NFC link on the AirTag by reflashing its microcontroller. The researcher demonstrated the loopholes by hacking the AirTag using reverse engineering, which allowed him to tweak the functionality of the AirTag and put a custom NFC link on it for when the AirTag is in Lost Mode. This, according to reports, appears to be the first “jailbreak” of the AirTag. The German security researcher Thomas Roth, who goes by the name “stacksmashing” on Twitter, said that he was able to hack the AirTag by breaking into its microcontroller.
The changes made by Roth allowed him to tweak the functionality of the AirTag and put a custom NFC link on it for when it is in Lost Mode. Roth also posted a video on Twitter showing a custom link in place of the default notification, which links to the found.app.com website. An attacker could use this loophole to send whoever finds a lost AirTag to a malicious website instead of displaying the owner’s contact information. Roth said, however, that the modifications took him hours and that he bricked a couple of AirTags before succeeding.
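The risk described above is that the URL an NFC reader receives from a tag is attacker-controlled data. The following added example (not code from the article or from Roth’s work) shows the check a finder’s app or a fleet audit tool could apply: decode the NDEF URI record the tag presents and accept it only if it is an https URL whose host exactly matches an allowlist. The `EXPECTED_HOSTS` value and both sample tags are constructed placeholders, not Apple’s real Lost Mode host or real tag dumps.

```python
from urllib.parse import urlsplit

# NFC Forum URI Record Type prefix codes (subset covering web URLs).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}
# Placeholder allowlist: substitute the vendor's documented Lost Mode host.
EXPECTED_HOSTS = {"found.example.com"}

def parse_ndef_uri(msg: bytes) -> str:
    """Decode one short NDEF record of well-known type 'U' and return its URL."""
    if len(msg) < 4:
        raise ValueError("NDEF message too short")
    header, type_len, payload_len = msg[0], msg[1], msg[2]
    tnf, short_record, has_id = header & 0x07, bool(header & 0x10), bool(header & 0x08)
    if tnf != 0x01 or not short_record:
        raise ValueError("expected a short NFC Forum well-known record")
    pos, id_len = 3, 0
    if has_id:  # optional ID length byte follows the payload length
        id_len, pos = msg[pos], pos + 1
    rtype = msg[pos:pos + type_len]
    pos += type_len + id_len
    if rtype != b"U":
        raise ValueError("not a URI record")
    payload = msg[pos:pos + payload_len]
    if len(payload) != payload_len or not payload:
        raise ValueError("truncated URI payload")
    code = payload[0]
    if code not in URI_PREFIXES:
        raise ValueError(f"unsupported URI prefix code {code:#04x}")
    return URI_PREFIXES[code] + payload[1:].decode("utf-8")

def is_expected_lost_mode_url(url: str, allowed_hosts=EXPECTED_HOSTS) -> bool:
    """Accept only https URLs whose host exactly matches an allowed host."""
    parts = urlsplit(url)
    return parts.scheme == "https" and (parts.hostname or "") in allowed_hosts

def make_uri_record(code: int, rest: str) -> bytes:
    """Constructed sample builder: one short NDEF 'U' record (MB|ME|SR, TNF=1)."""
    payload = bytes([code]) + rest.encode("utf-8")
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload

# Constructed samples: an expected tag and one rewritten to point elsewhere.
GOOD_TAG = make_uri_record(0x04, "found.example.com/tag")
ROGUE_TAG = make_uri_record(0x03, "attacker-controlled.example/x")

if __name__ == "__main__":
    for tag in (GOOD_TAG, ROGUE_TAG):
        url = parse_ndef_uri(tag)
        print(url, "OK" if is_expected_lost_mode_url(url) else "UNEXPECTED HOST")
```

The exact host match also rejects look-alike hosts such as a subdomain of an attacker’s domain that merely starts with the expected name.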
Built a quick demo: AirTag with modified NFC URL 😎(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021
Apple said at last month’s launch that privacy and security are core features of the AirTag. Apple could also block the issue flagged by Roth with a firmware-level modification.