…several tricks have been played on Apple’s recently released accessory.
Overtime, Apple has been respected as the tech company with the most security. Its latest tracking tool the iMac maker dubbed “AirTag” has been available for customer purchase. Since Apple’s tracker launched over a few weeks ago, several tech experts have attempted to bypass its default programmed security system.
Meanwhile, other tech experts have succeeded with other interesting tricks such as using AirTags as a stalking tool, which seems odd. While others have tried replacing its cover with slimmer cards to fit into a wallet.
A German security researcher, Stack Smashing, recently discovered a means to enhance Apple’s track accessory in case of lost mode — he reportedly tweaked AirTags NFC URL for swift access when lost, but directs its URL to a customized landing page.
According to Smashing findings which he then shared as a tweet, he bypassed Apple’s tracker to gain access to tweak the AirTag’s microcontroller — it consists of the memory, a micro processing unit, and other elements that complete the microcontroller circuit.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳
— stacksmashing (@ghidraninja) May 8, 2021
“These devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analogue, or electromechanical components,” AllAboutCircuits writes.
In the video the German security researcher shared, Smashing compared the original AirTag with the version he tweaked — he discovered that the controller of the hacked AirTag can decide whatever command the tracking accessory should process via the enhanced AirTag NFC URL.
The Smashed AirTag with enhanced microprocessing unit can access another link aside from its default Find My webpage. Stack Smashing tweet showed his AirTag opening a webpage that is not related to Finding My — this could be used to process other web functions such as phishing.
While Stack Smashing reportedly tricked AirTag’s microprocessing unit, Apple is expected to deploy a server-side blocking mechanism to defend its accessory tracker firewall or security software for maximum AirTag competence.