Given its hardness on security and privacy, it is really not surprising that Apple’s latest accessories are being placed under a microscope, both technically and even legally by people like tiles. Airtag tracker, after all, is in a prime position to be a spying device and some security hackers and security researchers seem to want to test whether it will indeed happen. Based on revelation during the weekend, airtag can indeed be reprogrammed but the process and the end result may not be commensurate with worries.
Like electronic devices, especially the “smart”, Apple Airtag has a microcontroller that regulates its activities. Which ranges from controlling the battery and Bluetooth to determine what is sent via the NFC radio. And just like other computers, that the microcontroller may be vulnerable to hacking, something posted by German security researchers and Youtube Stack Smashing content is proven.
In short, the stack smashing “hacked” The Airtag Microcontroller to modify the firmware and make it do something other than what it is designed for it. That, at least for now, means linking to a different URL when the NFC-enabled phone “knocks” tracker. Usually, it will link to Found.apple.com to start the missing mode process.
This hack can be used to make the phone go to a malicious website but gets to that point it might be indirect. Security researchers have not revealed the process but he recognizes bricks at least two airtags to get there. Unless the firmware tracker can be modified from the distant air, the only way you will get a hacked airtag if you get it through another party.
This airtag hack may actually be less worrying than the Debug menu that might be activated by Apple before sending trackers. Fortunately, it might be something easily fixed with firmware updates, although the one that presents that will – hackers use it actually update the firmware in the first place.