Hacked AirTags can lead users to malicious websites

A security researcher has successfully hacked into the AirTag microcontroller and changed the behavior of this tracking device.
Introduced at the end of April 2021 and only sold to the market from April 30, AirTag is an accessory that allows users to attach easily lost items such as keys, wallets …

With Lost Mode enabled, AirTag will send out a signal to one of the billions of Apple devices around the globe, then send a notification about the user’s iPhone to they visit Apple’s location site (found.apple.com) so that users know the AirTag’s location. Researcher Thomas Roth recently shared a video of his work on AirTag’s performance and progress. Specifically, when the owner of AirTag turns on the loss of device notification, if an iPhone is near, the iPhone will be prompted to visit the page “found.apple.com”. However, with the affected AirTag, the iPhone displayed the researcher’s website. AirTag is a newly launched accessory from Apple Thomas Roth said he hacked into AirTag’s microcontroller, then “flashed” the component again to modify the device’s performance. It took hours to run and caused two AirTags to fail, before succeeding. However, to perform the hack shown by Thomas Roth is not easy, as hackers need to intervene directly in the AirTag without the user’s discovery. But this is proof that AirTag has been hacked and can intervene, similar to the form of “jailbreak” on the iPhone, which means that a device as compact as AirTag also poses a potential security risk. security, requires Apple to have solutions to enhance security on its device.