An engineer claims to have been able to hack Apple AirTags, video in support. This raises the question of the emergence of counterfeits.
Computer security poses increasingly serious challenges in new technologies, as we increasingly entrust a little more of our life to digital. When Apple launches with its AirTags, expected for several years, it is obviously the start of the race for security engineers: who will manage to break the protections first to reveal any vulnerabilities.
A physical hack
The Stack Smashing Twitter account, which according to his bio belongs to “a computer security researcher” claims to have been able to break the security of the Apple AirTag microcontroller.
With this openness, the person was able to modify certain behaviors of the internal software of the Apple AirTag. In a video, Stack Smashing shows for example how it changed the URL of the NFC scan of the Apple AirTag when approaching an iPhone.
Built a quick demo: AirTag with modified NFC URL
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021
A simple demonstration that suggests other more severe modification for the device, which must however be tempered.
A hack that could target future AirTags
As you can see in the video, to set this hack in place, StackSmashing had to open the AirTag and connect cables to it directly to the motherboard. It is therefore a hack anything but obvious, which requires a little resources, unlike a hack that would have gone through a purely software flaw.
It is therefore difficult to imagine this method becoming generalized to hack the neighbor’s AirTag. StackSmashing has also indicated to have broken two AirTag while trying to access the microcontroller.
So what is the risk posed by this discovery? Malicious people could open and modify legitimate AirTags into counterfeit ones. By changing the way the microcontroller works, but marketing it through marketplaces on the Internet, these people could more easily reach users who thought they were buying Apple hardware.
This first hack could also pave the way for the discovery of software flaws through the microcontroller. One thing is certain, the new AirTags are fascinating in the field.