When I hear something’s been hacked, it conjures images of Le Carré-style spies and national security leaks, but this isn’t always the case. Sometimes, it’s just a brain genius hacking an Apple AirTag.
Over the weekend, Twitter user Stacksmashingmanaged to break into Apple’s tracking device. They also managed todump the firmwareof Apple’s new device (although this hasn’t been made public).
Feast your eyes on this:
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! ???
/cc@colinoflynn@LennertWopic.twitter.com/zGALc2S2Ph
— stacksmashing (@ghidraninja)May 8, 2021
We can all agree on one thing: this is cool. Apple is renowned for the strong security of its devices, so actually hacking an AirTag is a fantastic achievement. But there’s a bigger question to answer…
Should we be worried that someone hacked an AirTag?
Calling all Scaleup founders! Join the Soonicorn Summit on November 28 in Amsterdam.
Meet with the leaders of Picnic, Miro, Carbon Equity and more during this exclusive event dedicated to Scaleup Founders!
Let’s try and break this down logically. First, we need to find out exactly what Stacksmashing managed to achieve. From a user perspective, the most notable element is they managed toalter the NFC URL.
Effectively, when you tap an AirTag with your phone, it normally directs you to Apple’s Find My service. Stacksmashing managed to alter this so it opened a website of their choice. Like this:
Be careful when scanning untrusted AirTags or this might happen to you?pic.twitter.com/LkG5GkvR48
— stacksmashing (@ghidraninja)May 9, 2021
A point raised inthe Twitter threadis whether or not this hacked or jailbroken AirTag could be used for tracking and recording. Effectively, someone could disable anti-stalking measures and follow you. It’s also broadly possible to use the accelerometer inside the hardware to record audio. In other words, an AirTagcouldbecome a spying device.
So… should you be worried?
Not really. At least not yet. In order to hack the AirTag, Stacksmashing had to take it apart, whip out the soldering iron, and power it externally. In other words, if someone’s going to do this with an AirTag you own, it’s gonna take a lot of time and access.
If someone really wants to spy on you, there are far easier ways to do than this. An AirTag being hacked isn’t going to impact you currently.
Really, we should be pleased that someone’s managed this feat. Apple is bound to take note of this and, hopefully, will take further steps to ensure that these devices can’t be easily used to erode someone’s privacy.
Still, massive respect to Stacksmashing. This is cool as fuck.
Story byCallum Booth
Callum Booth is a freelance journalist with over a decade of experience. Previously, he was the Managing Editor of TNW, where his reporting(show all)Callum Booth is a freelance journalist with over a decade of experience. Previously, he was the Managing Editor of TNW, where his reporting was cited widely, including in VICE, the FT, and the BBC.
Callum’s writing has appeared in The Verge, The Daily Telegraph, Time Out, and many more. He covers the full spectrum of technology, with a particular focus on how it shapes our daily lives. And a lot of regulation stuff too.
Outside of work, Callum’s an avid bookworm, a Fisherman’s Friends addict, and resolutely unshaven. Follow him on Twitter @CallumBooth or visit www.callumbooth.net.
Get the TNW newsletter
Get the most important tech news in your inbox each week.
