As reported by Pocketnow, an IT security researcher, who goes by the username stacksmashing on Twitter, managed to get control over Apple’s AirTag object trackers’ microcontroller and modified the underlying software that works when Lost Mode is activated. The hacker then managed to replace the default URL that Apple baked into the AirTag software with his own personal website.
The jailbreak raises questions over the potential ability of malicious hackers to bypass the anti-stalking measures Apple has put in place, and use the AirTags for secretly tracking someone. In a recent investigation by The Washington Post, it was discovered that there are several shortcomings in the anti-stalking toolkit of AirTags and that they can be misused with relative ease.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳
— stacksmashing (@ghidraninja) May 8, 2021
/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2Ph
<p style=\"font-weight: 400;\">The effort undertaken to attack the new AirTag was intensive and impressive, but tracking people must not be taken lightly. Cyberstalking and monitoring offenses are on the increase and more measures need to be put in place to reduce the risks, both from the technology firms and by the users themselves.</p> <p style=\"font-weight: 400;\"> </p> <p style=\"font-weight: 400;\">This latest hack will inevitably force an update by Apple. However, it raises the issue of increased tracking and people must remain vigilant to signs of others knowing where they are or who they are speaking with. Apple has designed this device with security in mind to mitigate the risk but as with anything that is used to track an item, it could be used illicitly and people must take care where they can.</p>