The tracker 'AirTag' that tells you the exact location of genuine Apple lost items is hacked
Apple's lost item tracker ' AirTag ' released on April 21, 2021 was immediately hacked by security researchers.
Security researcher hacks AirTag; modifies NFC URL for Lost Mode
AirTag hacked for the first time by security researcher [Video] ―― 9to5Mac
German security researcher Stack Smashing tweeted that he had successfully hacked an AirTag microcontroller and rewritten the software on board.
According to Smashing said, the trial and error and two AirTag over 2 hours paperweight of After it and succeeded in invading the micro controller that is finally mounted on AirTag. Smashing explains that he succeeded in dumping the firmware and some important areas.
Normally, when you read the lost AirTag in the NFC area of your smartphone, you will see the dedicated URL 'found.apple.com'. However, Mr. Smashing succeeded in displaying his own URL on the hacked AirTag. If a malicious attacker like Smashing hacks AirTag, it will be possible to display URLs such as phishing sites.
Built a quick demo: AirTag with modified NFC URL ????— Stacksmashing (@ghidraninja) May 8, 2021
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
Mr. Smashing only changed the URL to his own in this hack, but it is also pointed out that it is possible to change other functions because he is hacking the microcontroller that is the brain part of AirTag.