Apple AirTag may have certain security issues that could be exploited by hackers to modify the firmware of the device. Apple had released the AirTag last month to help people keep track of their misplaced items. The Bluetooth-enabled tracker by Apple has reportedly been hacked by a German cybersecurity researcher as per a Tweet which is a first for the device. The researcher reportedly used reverse-engineering on the AirTag’s microcontroller to hack it.
The security loopholes have been demonstrated by the German security researcher Thomas Roth who goes by the name “stacksmashing” on Twitter. The security researcher hacked Apple’s AirTags using reverse engineering and posted a video on Twitter detailing his account. According to the post on Twitter, he was able to modify the default NFC link available through the tracker by reflashing its microcontroller. He added that after gaining access to the microcontroller, he reprogrammed the AirTag and modified its firmware. He further tweaked the functionality of the AirTag and put a custom NFC link when it is in the Lost Mode, as shown in the video he posted on Twitter.
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021
When an AirTag is in the Lost Mode usually, it displays a notification when scanned by an NFC-capable smartphone with a link to the found.apple.com website to display information about the owner. The loopholes showcased by the user on Twitter could possibly be leveraged by hackers. Apple had spoken about privacy and security being the core features of the AirTag at the time of its official release last month. We will have to wait and see how Apple responds to the claim.