Apple AirTag, the Bluetooth tracker that was unveiled last month to let people find their misplaced items, is claimed to have some security loopholes that could allow hackers to modify its firmware. A security researcher has demonstrated the loopholes by hacking the AirTag using reverse engineering. The researcher claimed on Twitter that he was able to modify the default NFC link available through the tracker by reflashing its microcontroller. This appears to be the first successful “jailbreak” attempt on the AirTag, which Apple claims to be designed with privacy and security at its core.
German security researcher Thomas Roth, who goes by the name “stacksmashing” on social media, tweeted on Sunday that he was able to successfully hack the Apple AirTag by “breaking into” its microcontroller. He claimed that after gaining access to the microcontroller, he reprogrammed the AirTag and modified its firmware.
The modifications made by the security researcher allowed him to tweak the functionality of the AirTag and set a custom NFC link when it is in Lost Mode, as shown in a video posted on Twitter.
Normally, when the AirTag is in Lost Mode, it displays a notification when scanned by an NFC-capable smartphone, such as an iPhone or an Android smartphone, with a link to the found.apple.com website (a part of the Find My network) to show information about the owner.
Hackers might be able to leverage the loopholes showcased on Twitter to direct those who found the lost AirTag to malicious websites, instead of displaying information about the user. However, Roth did mention in his tweets that it took him hours to make the modifications. He also said that he bricked a couple of AirTags before achieving success.
Apple claimed privacy and security as the core features of the AirTag at the time of its official announcement last month. However, the tweets posted by Roth suggest that the Cupertino company may need to bring an update to block firmware-level modification.
Gadgets 360 has reached out to Apple for a comment and will update this space when the company responds.