Someone managed to jailbreak an AirTag already
AirTag Jailbreak: That didn’t take long.
Apple recently announced a tracking device that it calls the AirTag, a new competitor in the “smart label” product category.
The AirTag is a round button about the size of a key fob that you can attach to a suitcase, laptop or, indeed, to your keys, to help you find said item if you misplace it.
If you remember those whistle-and-they-bleep-back-at-you keyrings that were all the rage for a while in the 1990s, well, this is the 21st century version of one of those.
Unlike their last-millennium sonic counterparts, however, modern tracking tags come with loads more functionality, and therefore present a correspondingly greater privacy risk.
Armed with wireless connectivity in the form of Bluetooth and NFC, modern tags don’t just respond neutrally with a beep-beep-beep when you send them an audio signal and they’re within range.
Products like the AirTag also announce themselves with regular Bluetooth beaconing transmissions, just like your phone does when it’s in discoverable mode.
To stop your tags being used as a permanent tracking tool for anyone who’s stalking you, the Bluetooth identifier swaps itself around every few minutes, like the Bluetooth beacons used in the Apple-and-Google privacy-preserving “exposure notification” interface that was introduced for coronavirus infection tracking.
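The rotating-identifier idea described above can be illustrated in code. The following is an added example, not Apple's AirTag or Find My implementation and not code from the original article: each beacon identifier is derived from a per-device secret and the current time window with HMAC, so a passive observer sees unrelated values from one window to the next, while the owner (who holds the secret) can still recognise the device. The 15-minute window, the 6-byte identifier length and the secret are constructed values chosen for the demonstration.

```python
import hmac
import hashlib

# Assumption for this demo: identifiers rotate every 15 minutes ("every few minutes").
ROTATION_SECONDS = 15 * 60
ID_LEN = 6  # constructed: a short identifier, roughly the size of a Bluetooth address

# Constructed per-device secret; a real device would generate and protect its own.
DEVICE_SECRET = bytes(range(32))


def _window_id(secret: bytes, window: int) -> bytes:
    """Derive the identifier broadcast during one rotation window."""
    msg = window.to_bytes(8, "big", signed=True)
    return hmac.new(secret, msg, hashlib.sha256).digest()[:ID_LEN]


def beacon_id(secret: bytes, timestamp: int) -> bytes:
    """Identifier a device would broadcast at the given Unix timestamp."""
    return _window_id(secret, timestamp // ROTATION_SECONDS)


def observer_can_link(ids: list) -> bool:
    """A passive listener can only tie sightings together if the identifier repeats."""
    return len(set(ids)) == 1


def owner_recognises(secret: bytes, candidate: bytes, timestamp: int, slack_windows: int = 1) -> bool:
    """The owner recomputes the expected identifiers for nearby windows
    (allowing some clock drift) and compares in constant time."""
    window = timestamp // ROTATION_SECONDS
    for w in range(window - slack_windows, window + slack_windows + 1):
        if hmac.compare_digest(_window_id(secret, w), candidate):
            return True
    return False


if __name__ == "__main__":
    t0 = 1_620_432_000  # constructed timestamp (May 2021)
    same_window = [beacon_id(DEVICE_SECRET, t0 + i * 60) for i in range(3)]
    across_windows = [beacon_id(DEVICE_SECRET, t0 + i * ROTATION_SECONDS) for i in range(3)]
    print("within one window linkable:", observer_can_link(same_window))
    print("across windows linkable:   ", observer_can_link(across_windows))
    print("owner recognises:          ", owner_recognises(DEVICE_SECRET, across_windows[1], t0 + ROTATION_SECONDS))
```

The point the article makes follows from the structure: an observer who does not hold the secret sees only short-lived pseudonyms, so following a tag across the day requires more than logging its Bluetooth identifier.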
If someone else swipes an NFC-enabled phone near an AirTag, it presents them with a supposedly anonymous URL pointing to the Apple server found.apple.com, where they can report the misplaced item.
(We don’t have an AirTag to practise with, but apparently you can choose to reveal personal information such as a phone number via the tracking URL; we assume that nothing about your identity is revealed by default, so that lost items can be reported anonymously.)
Little more than a week after going on sale, Apple’s AirTag item tracker has already been jailbroken.
First spotted by The 8-Bit, German researcher ‘stacksmashing’ has been able to hack their way into an AirTag’s software, changing how it behaves when put into Lost Mode.
The German security researcher and YouTube content creator who goes by the name Stack Smashing tweeted today that they were successful in “breaking into the microcontroller of the AirTag.” They were then able to re-flash the microcontroller, which enabled them to modify elements of the software.
With the new software in place the hacked AirTag presents a custom URL when scanned in Lost Mode. Normally, scanning a lost AirTag would redirect users to Apple’s website but this particular one doesn’t. And that could open the door for all kinds of weird, wonderful, and perhaps dangerous things in the future.
And confirmed that we can re-flash the microcontroller! Woohoo.
— stacksmashing (@ghidraninja) May 8, 2021
It isn’t clear yet what else, if anything, a jailbroken AirTag could be forced to do, or whether Apple could plug this hole via a software update in a similar way to how AirPods receive updates. Tim will tell.
Read the original article over at imore.com.