More security flaws found in Apple AirTags


With a little knowledge and a little creativity, it is apparently possible to turn the new Apple AirTags into a spy gadget straight out of a James Bond movie. Motherboard has reported how several hackers, some acting out of sheer curiosity, managed to crack open Apple’s new device and completely change its purpose.

In some examples, the hackers have even shown how AirTags could be turned into potentially malicious devices - although there’s no evidence of such tactics being used in the wild just yet.

AirTags are basically Apple buttons that users can attach to different items and track their movement. The devices were unveiled earlier this year after months of speculation, and could be a huge potential earner for Apple.

Publishing a YouTube video on his methods, hardware researcher Colin O'Flynn showed how he jailbroke the AirTag and had it send a malicious URL to an iPhone.

"The AirTags ship in a state where you cannot access the internal processor/microcontroller, because during manufacturing they locked the debug interfaces," another researcher, Thomas Roth, revealed. "I managed to re-activate the debug interface and dump the firmware from the AirTag."

AirTags as a communications gadget

In separate research, Fabian Bräunlein of Positive Security managed to broadcast arbitrary data to nearby Apple devices via the Find My protocol. In a blog post, Bräunlein said this was made possible by spoofing many AirTags and encoding the data in which of those AirTags was active. He then made the device upload the data as it reported on its location.

Bräunlein believes this approach could be used to turn the device into a communications gadget.

"I was curious whether Find My's Offline Finding network could be (ab)used to upload arbitrary data to the internet, from devices that are not connected to WiFi or mobile internet," Bräunlein told Motherboard.

Although he praised Apple’s work, saying it was “cryptographically well designed,” he added that the company could “limit the misuse potential” through design changes.

Via: Motherboard


Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.
