Less than two weeks after its highly anticipated launch, Apple’s AirTags have already been hacked and reprogrammed by a security researcher.
It’s been a rough entry into the market for Apple’s alternative to the wildly popular Tile tracking device. First with a safety hazard that prompted a number of Australian retailers to pull the item from shelves, and now with a hack that seemingly exemplifies a security risk with the device.
Apple is highly regarded for its security measures, which has prompted researchers to try to hack the device to find any potential risks. And less than two weeks after the product first hit shelves, one researcher in Germany has already found an alleged loophole in the AirTag system.
German security researcher StackSmashing took to Twitter to allege that he was the first to “hack” the AirTag, as first reported by The 8-Bit.
“Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag!” he tweeted.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! ????????????
— stacksmashing (@ghidraninja) May 8, 2021
Although it took him hours of time and the cost of multiple now-broken AirTags, he managed to hack and jailbreak the device’s microcontroller.
As the name suggests, the microcontroller is used to control the device. So once StackSmashing infiltrated this system, he could essentially make the device do as he wished.
“Essentially, a microcontroller gathers input, processes this information, and outputs a certain action based on the information gathered,” Arrow explains.
In this instance, StackSmashing used the modified microcontroller to change the website that the AirTag redirects to when Lost Mode is enabled. Usually, the device sends you straight to found.apple.com, but as StackSmashing proved, it’s not that hard to send users to any website of your choosing.
Although it’s mildly inconvenient, this doesn’t seem like much of a security risk for users. However, if it’s this easy to “jailbreak” the device, it’s unclear exactly how far hackers could actually alter the AirTag.
Considering the AirTag is a tracking device, which is usually linked to valuable items in your possession, it’s quite concerning to see how easy it is to hack.
Obviously, it’s worth noting that the security researcher broke two AirTags in the process, which would probably be enough to deter some hackers.
It’s unclear what security measures, if any, Apple has implemented to prevent this from happening in future.
Gizmodo Australia has reached out to Apple for comment.