Apple’s Bluetooth trackers have already been dismantled, and now a hacker is setting out to extract more secrets from the AirTag.
The AirTag has naturally attracted the interest of security researchers. Thomas Roth from Germany, known as stacksmashing on Twitter, has shared a thread showing how he succeeded in dismantling the AirTag and overwriting the firmware of its controller.
Two AirTags broke during the procedure, but he eventually managed to hack into Apple’s firmware from the AirTag and change it.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳 /cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
— stacksmashing (@ghidraninja) May 8, 2021
Following his hack the AirTag issued an address selected by him when contacting an NFC device rather than the usual found.apple.com that would enable an owner to locate a lost device. What this could mean in remains to be clarified, but the manipulation of the AirTag is not a trivial matter.
There is also a kind of DFU mode for AirTag in the firmware, the so-called maintenance mode for Apple devices. On the server side, Apple is likely to have built in some security functions to protect AirTag users from malware and the like.
Apple has also built a kind of developer mode into its Find My? App, this provides significantly more background information than the normal view.
Read our AirTag guide and our AirTag review. We also discuss various uses for the AirTag.
This article originally appeared on Macwelt. Translation by Karen Haslam.