A security researcher hacked into the AirTag's microcontroller by reverse engineering it and modified its NFC URL for Lost Mode to redirect to their website instead of Apple's.
Lost Mode allows users to mark any tags they've lost on the Find My network and get notified when the tag is in range or found by someone. Those who find a lost AirTag can tap it with their phone or another NFC-enabled device and will be redirected to found.apple.com, which may show the owner's phone number if one was added.
The security researcher, who goes by Stack Smashing on Twitter and runs a YouTube channel by the same name, tweeted his successful tampering of Apple's AirTag, which was launched last month.
While hacking into the microcontroller gives access to almost every feature of the device, the security researcher has shown one thing that someone could do with a modified AirTag: change the URL that appears in the notification when an AirTag in Lost Mode is tapped by an NFC-enabled device, pointing it to their own website.
The demonstration shows that anyone who hacks into an AirTag can potentially change the NFC URL for Lost Mode and, unlike in this case, could lead someone who taps the AirTag with their NFC device to a malicious URL.
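A check that an NFC reader app could apply to the URL a tag presents before opening it, as an added example that is not code from the researcher or from Apple. It assumes the tag exposes a single short NDEF URI record and treats found.apple.com, the host named above, as the only expected destination; `make_record` and the sample URLs are constructed for illustration.

```python
from urllib.parse import urlsplit

# URI identifier codes from the NFC Forum URI record type definition (subset).
URI_PREFIXES = {0x00: "", 0x01: "http://www.", 0x02: "https://www.",
                0x03: "http://", 0x04: "https://"}
EXPECTED_HOST = "found.apple.com"  # host named in the article


def parse_ndef_uri(record: bytes) -> str:
    """Decode one short NDEF record of well-known type 'U' into a URI string."""
    if len(record) < 5:
        raise ValueError("record too short")
    header, type_len, payload_len = record[0], record[1], record[2]
    # Require SR=1 (1-byte length), IL=0 (no ID field), TNF=1 (well-known type).
    if header & 0x1F != 0x11:
        raise ValueError("only short well-known records without ID are handled")
    rtype = record[3:3 + type_len]
    payload = record[3 + type_len:3 + type_len + payload_len]
    if rtype != b"U" or len(payload) != payload_len or payload_len < 1:
        raise ValueError("not a complete URI record")
    if payload[0] not in URI_PREFIXES:
        raise ValueError("unsupported URI prefix code")
    return URI_PREFIXES[payload[0]] + payload[1:].decode("utf-8")


def is_expected_lost_mode_url(uri: str) -> bool:
    """True only for https URLs whose host is exactly EXPECTED_HOST."""
    parts = urlsplit(uri)
    # Compare the parsed hostname, not a substring: lookalike suffixes and
    # userinfo tricks (https://found.apple.com@other-host/) must be rejected.
    return (parts.scheme == "https" and parts.hostname == EXPECTED_HOST
            and parts.username is None and parts.port in (None, 443))


def make_record(prefix_code: int, rest: str) -> bytes:
    """Build a constructed sample record (MB=1, ME=1, SR=1, TNF=1)."""
    payload = bytes([prefix_code]) + rest.encode()
    return bytes([0xD1, 0x01, len(payload)]) + b"U" + payload


if __name__ == "__main__":
    samples = [make_record(0x04, "found.apple.com/constructed-path"),
               make_record(0x04, "found.apple.com.example.net/constructed-path"),
               make_record(0x04, "found.apple.com@example.net/")]
    for rec in samples:
        uri = parse_ndef_uri(rec)
        print(is_expected_lost_mode_url(uri), uri)
```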
In theory, Apple could use server-side blocking to prevent modified AirTags from accessing the Find My network, but for now, this vulnerability can be exploited in the open.
Anyone interested in modifying AirTags should know that the aforementioned security researcher bricked two of their AirTags while trying to reverse engineer them.
A day after the launch of the AirTag, researchers found a vulnerability in Apple's AirDrop authentication mechanism, which could potentially leak a user's phone number and email address.