Apple recently launched its location-tracking device, AirTags, at the ‘Spring Loaded’ event held in April. However, a German security researcher known as stacksmashing has already broken into the device, according to a report by Ars Technica. The researcher was able to break into the AirTag, dump its firmware, and then successfully reflash the microcontroller.
In other words, he gained access to the microcontroller and analyzed the firmware to study how the device works. The researcher’s name is Thomas Roth, according to his website stacksmashing.net. He was reportedly able to change the internal workings of the AirTag so that it does things beyond its standard code.
A modified Lost Mode: Never to be found!
Roth was able to make the AirTag send a non-Apple URL when it entered Lost Mode. By default, once a lost AirTag has entered ‘Lost Mode’, whoever finds it can tap it with an NFC-enabled smartphone to start the process of contacting the owner.
When tapped against an NFC-enabled smartphone, the AirTag pops up a notification which, when tapped, redirects the user to found.apple.com. This is the mechanism Apple uses to help a lost AirTag find its way back to its owner. Roth, however, was able to alter the system by editing the code so that the AirTag opens a different URL instead of the found.apple.com page.
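For readers wanting to see the defender-side check this implies, here is an added example (not code from the article, from Apple, or from stacksmashing): it decodes the URL carried by a tag using the NFC Forum NDEF URI record format and classifies whether the host is the expected found.apple.com. The assumption that the AirTag delivers its URL as a standard NDEF URI record, the placeholder `pid` value, and the allowlist are all mine, not stated by the article.

```python
"""Decode an NDEF URI record and check its host against an allowlist.

Added example; it assumes the tag hands the phone a standard NDEF URI
record (type "U"), where the first payload byte is a prefix code and the
remainder is the rest of the URL.
"""
from urllib.parse import urlsplit

# NDEF URI Record Type Definition: identifier code -> prefix to prepend.
URI_PREFIXES = {
    0x00: "",
    0x01: "http://www.",
    0x02: "https://www.",
    0x03: "http://",
    0x04: "https://",
}

# Assumed allowlist: the only host a genuine Lost Mode tap should open.
EXPECTED_HOSTS = {"found.apple.com"}


def decode_uri_record(payload: bytes) -> str:
    """Expand an NDEF URI record payload into the full URL string."""
    if not payload:
        raise ValueError("empty URI record payload")
    code, rest = payload[0], payload[1:]
    if code not in URI_PREFIXES:
        raise ValueError(f"unsupported URI identifier code 0x{code:02x}")
    return URI_PREFIXES[code] + rest.decode("utf-8")


def classify_url(url: str) -> str:
    """Return 'expected' for an HTTPS URL on an allowlisted host, else 'unexpected'.

    The host comparison is exact and case-insensitive, so a look-alike such as
    found.apple.com.example.net does not pass.
    """
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if parts.scheme == "https" and host in EXPECTED_HOSTS:
        return "expected"
    return "unexpected"


def check_tag(payload: bytes) -> tuple[str, str]:
    """Decode a tag payload and return (url, classification)."""
    url = decode_uri_record(payload)
    return url, classify_url(url)


# Constructed sample payloads (not captured from real tags).
GENUINE_STYLE = b"\x04found.apple.com/airtag?pid=PLACEHOLDER"   # 0x04 = "https://"
MODIFIED_STYLE = b"\x04stacksmashing.net"                       # reflashed tag
LOOKALIKE = b"\x04found.apple.com.example.net/airtag"           # host spoof attempt

if __name__ == "__main__":
    for sample in (GENUINE_STYLE, MODIFIED_STYLE, LOOKALIKE):
        print(check_tag(sample))
```

The point of the exact-host comparison is that a phone-side or analysis-side check must not rely on the URL merely starting with or containing "found.apple.com"; parsing the host out and comparing it whole is what separates the genuine page from both a reflashed tag and a look-alike domain.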
Roth posted a demonstration video of the modified AirTag on his Twitter page. In the video, when the modified AirTag is brought close to an iPhone, the phone shows a link to stacksmashing.net. It is not a major security flaw on its own, but it could of course lead to one if Apple does not patch this soon.