Despite being new to the market, Apple's AirTag item tracker has been successfully hacked to display a custom website when the device is put in Lost Mode.

Apple AirTag Has Already Been Hacked

Thomas Roth, a security researcher from Germany, reported on Twitter that he has successfully managed to hack his own AirTag, an impressive accomplishment considering that this product was only released on April 30th, 2021.

The researcher has reportedly managed to break into the accessory's microcontroller, a small computer on a single chip that typically manages and controls other components and peripherals. In doing so, Roth was able to flash the microcontroller, in other words, to rewrite Apple's software powering the device.

He also shared a video demonstrating how a modified AirTag with a custom Find My URL works compared to a non-hacked version. The modified AirTag has to be connected to cables in order to provide power to the device, Roth says. He had to gut the logic board from the device chassis because the AirTag is a very tightly packed little device.

Changing the URL for AirTag’s Lost Mode

After dumping the AirTag firmware, Roth modified it so that, in Lost Mode, the device displays a custom URL leading to his personal website instead of the special Find My one.

When the user marks their AirTag as lost in the Find My app, they can create a custom message saying that the accessory has been lost. Such a message would typically include the owner's phone number. If someone else finds a lost AirTag, they can use any smartphone that supports NFC to access a special webpage with the Lost Mode message.
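A finder-side check for the behaviour described above, as an added example that is not from Roth or Apple: it decodes the NDEF URI record an NFC tag presents and accepts the link only if it is HTTPS on the expected host. The host `found.apple.com`, the function names and the sample records are assumptions; the article does not name them.

```python
from urllib.parse import urlsplit

# URI prefix codes from the NFC Forum URI record type (subset).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}
# Assumption: host the genuine Lost Mode page is served from (not named in the article).
EXPECTED_HOST = "found.apple.com"


def decode_uri_record(record: bytes) -> str:
    """Decode one short-format NDEF well-known URI record into a URL string."""
    if len(record) < 4:
        raise ValueError("record too short")
    header, type_len, payload_len = record[0], record[1], record[2]
    if not (header & 0x10) or (header & 0x07) != 0x01:
        raise ValueError("expected a short record with a well-known type")
    pos = 3
    id_len = 0
    if header & 0x08:  # IL flag set: an ID length byte follows
        id_len = record[pos]
        pos += 1
    rec_type = record[pos:pos + type_len]
    pos += type_len + id_len
    payload = record[pos:pos + payload_len]
    if rec_type != b"U" or payload_len < 1 or len(payload) != payload_len:
        raise ValueError("not a complete URI record")
    if payload[0] not in URI_PREFIXES:
        raise ValueError("unsupported URI prefix code")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")


def is_expected_lost_mode_url(url: str, expected_host: str = EXPECTED_HOST) -> bool:
    """True only for an https URL whose host is exactly the expected one."""
    parts = urlsplit(url)
    return (parts.scheme == "https" and parts.hostname == expected_host
            and parts.username is None)


def make_uri_record(url: str) -> bytes:
    """Build a constructed sample record using the https:// prefix code (0x04)."""
    body = bytes([0x04]) + url[len("https://"):].encode()
    return bytes([0xD1, 0x01, len(body)]) + b"U" + body


# Constructed sample records, not captured from a real AirTag.
GENUINE = make_uri_record("https://found.apple.com/sample?id=constructed")
MODIFIED = make_uri_record("https://example.org/")
LOOKALIKE = make_uri_record("https://found.apple.com.example.org/")
```

Exact host comparison is what rejects the look-alike sample, which a prefix or substring match on the URL would accept.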


Roth says his proof-of-concept hack serves to demonstrate that the AirTag's software can be modified to change what specific functions like Lost Mode do. It's unclear what else could be done and whether malicious users could leverage this hack for nefarious purposes.

We're purely speculating, but the jailbreak community could take advantage of this to add custom features and user customizations to the AirTag that are unsupported out of the box.


What You Need to Know About AirTag Security

The AirTag relies on Apple's secure Find My network which was designed to keep location data private and anonymous with end-to-end encryption. Importantly, no location data or location history is physically stored inside the AirTag.

"Communication with the Find My network is end-to-end encrypted so that only the owner of a device has access to its location data, and no one, including Apple, knows the identity or location of any device that helped find it," according to Apple.

Thankfully, Apple patches vulnerabilities in its products as soon as humanly possible. A future software update for the AirTag might fix this security oversight so that the microcontroller could no longer be broken into.

On top of that, Apple could theoretically disable a hacked AirTag remotely by preventing it from communicating with the Find My network in the first place.