AirTag was launched two weeks ago, and has proved to be just as interesting to security researchers as tech reviewers. The diminutive Bluetooth tracker has the potential to be very useful for locating lost belongings, but any flaws in the security setup could be disastrous as the device is (by Apple’s standards) so cheap and is expected to sell in such large volumes.
Earlier this week, Thomas Roth (Stacksmashing) unveiled a hack of the AirTag’s NFC chip to change the URL displayed when someone holds an NFC-equipped device next to the tracker. But now, the Find My network itself has been manipulated into a use other than the one intended.
Fabian Bräunlein programmed a microcontroller called ESP32 to send messages over Apple’s Find My network. By using the same encryption features used by the AirTags and other products with support for Find My, he shows how it is possible to send data other than location co-ordinates.
An AirTag in Lost Mode normally sends encrypted GPS co-ordinates over the Find My network with the help of passing iPhones and other Apple devices. With Bräunlein’s method, it’s possible to encrypt other data, such as a short text message. A specially crafted Mac application can then receive and decrypt the messages.
The technologies that make the AirTag and the Find My network secure mean that Apple will have a very hard time doing anything about this type of “misuse”. The encryption system makes it impossible for Apple to read a particular message, or determine whether it actually contains co-ordinates.
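To make the last point concrete, here is an added illustration (not code from the article, from Bräunlein, or from Apple) of the end-to-end property described above: a relay that stores reports encrypted to the owner's public key holds only opaque ciphertext, so it cannot tell a set of co-ordinates from a text message, and only the holder of the private key can recover either. The construction is an assumed, deliberately simplified ECIES-style model (P-256 ECDH, SHA-256 as the key derivation, AES-GCM); it is not Apple's actual Find My key schedule or wire format, and the sample payloads are constructed.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdh"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// Report models what a relay in the middle would store: the finder's ephemeral
// public key plus an opaque ciphertext. The relay never sees the plaintext.
type Report struct {
	EphemeralPub []byte
	Ciphertext   []byte // nonce || AES-GCM output
}

// NewOwnerKey creates the key pair the owner's device would hold (assumption:
// P-256 here; this is a model, not Apple's curve choice).
func NewOwnerKey() (*ecdh.PrivateKey, error) {
	return ecdh.P256().GenerateKey(rand.Reader)
}

// deriveKey turns an ECDH shared secret into a 32-byte AES key.
// Simplified: a bare SHA-256 stands in for a proper KDF.
func deriveKey(shared []byte) []byte {
	sum := sha256.Sum256(shared)
	return sum[:]
}

// finderEncrypt models a passing device encrypting a payload to the owner's
// public key. It is indifferent to whether payload is co-ordinates or text.
func finderEncrypt(ownerPub *ecdh.PublicKey, payload []byte) (Report, error) {
	eph, err := ecdh.P256().GenerateKey(rand.Reader)
	if err != nil {
		return Report{}, err
	}
	shared, err := eph.ECDH(ownerPub)
	if err != nil {
		return Report{}, err
	}
	block, err := aes.NewCipher(deriveKey(shared))
	if err != nil {
		return Report{}, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return Report{}, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return Report{}, err
	}
	ct := gcm.Seal(nonce, nonce, payload, nil) // output is nonce || ciphertext
	return Report{EphemeralPub: eph.PublicKey().Bytes(), Ciphertext: ct}, nil
}

// ownerDecrypt models the owner's application recovering the payload with the
// private key. Anyone without that key (the relay included) cannot do this.
func ownerDecrypt(ownerPriv *ecdh.PrivateKey, r Report) ([]byte, error) {
	ephPub, err := ecdh.P256().NewPublicKey(r.EphemeralPub)
	if err != nil {
		return nil, err
	}
	shared, err := ownerPriv.ECDH(ephPub)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(deriveKey(shared))
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(r.Ciphertext) < ns {
		return nil, errors.New("report too short")
	}
	return gcm.Open(nil, r.Ciphertext[:ns], r.Ciphertext[ns:], nil)
}

// RelayView is everything the relay can learn from a stored report without the
// owner's private key: the ciphertext length. Content type is not recoverable.
func RelayView(r Report) int {
	return len(r.Ciphertext)
}

func main() {
	owner, _ := NewOwnerKey()
	// Constructed sample payloads of equal length: one looks like co-ordinates,
	// the other is arbitrary text. The relay stores both identically.
	coords := []byte("59.3293,18.0686")
	text := []byte("hi from esp32!!")
	rc, _ := finderEncrypt(owner.PublicKey(), coords)
	rt, _ := finderEncrypt(owner.PublicKey(), text)
	fmt.Printf("relay sees %d and %d bytes of opaque data\n", RelayView(rc), RelayView(rt))
	pc, _ := ownerDecrypt(owner, rc)
	pt, _ := ownerDecrypt(owner, rt)
	fmt.Printf("owner recovers %q and %q\n", pc, pt)
}
```

The point the model makes is structural rather than specific to Apple's implementation: as long as the finder encrypts to a key only the owner holds, the party operating the relay has no vantage point from which to inspect or classify what is being carried, which is exactly why filtering such traffic is hard.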
This article originally appeared on Macworld Sweden. Translation by David Price.