Security researcher Stack Smashing said he managed to break into the microcontroller of the Apple AirTag and modified elements of the item tracking software.
AppleAAirTag is a small accessory for iPhone that allows you to track and find the most important items with Apple’s Find My app.
Apple guarantees high levels of security built into its products, which has made the new AirTags a target for security researchers, AppleInsider reported.
The security researcher performed firmware dumps and eventually discovered that the microcontroller could be reflashed after a few hours and several tags destroyed in the process.
The researcher proved that it was possible to modify the programming of the microcontroller, to change its operation.
A first demo showed an AirTag with a modified NFC URL which, when scanned with an iPhone, displays a custom URL instead of the usual “found.apple.com” link.
Research shows that it takes a lot of skill and effort to hack AirTag in the first place.
During a demo video, the modified AirTag is shown attached to cables, which are supposed to only supply power to the device.
Since AirTag relies on the secure Find My network for its Lost Mode to work, Apple would deploy some form of server-side defense against any maliciously altered version.
A hidden debugging mode was found in AirTag, providing developers with more information than users would normally need about the device’s hardware.