Here's how an AirTag could be hacked. A team of researchers discovered how Apple's trackers could be converted into physical Trojans. Be careful.
The AirTag can be used as a "potential weapon"
The AirTags, the Cupertino OEM item trackers have been designed with good intentions: they are very useful and can be attached to important things like keys, luggage to help you find them in case of loss. However, such devices apparently also have a small design flaw, which could allow an unscrupulous individual to use them in a malicious way.
Bobby Rauch, a device security tester and researcher, recently reached out to cybersecurity blogger Brian Krebs about an exploit; he found that these BT trackers can be used as a potential vector for credential hijacking and data theft. The attack exploits the way Apple's 'Lost Mode' is set.
When lost, AirTags can be tracked remotely via the iOS “Find My” app, but a person who finds a lost tag can also help return it to the owner.
In fact, one of these trackers can be scanned through an NFC reader of an iPhone or Android device and, if the AirTag has been put in "Lost Mode", it will automatically reveal to the finder all the contact information that has been associated with the device. .
AirTag owners can configure this via the “Find My” application and can include a phone number or email address. If desired, they can also enter a short message, probably something like "Hey, this is mine, please bring it back to XYZ".
When someone finds and scans the AirTag, they will automatically be prompted on their phone to visit a unique URL showing the owner's contact information and message. Basically, it's the same similar concept as dog tags, only a lot smarter.
However, while this is a well-meaning feature, it exposes users to potential attacks. This is because there is currently nothing preventing an AirTag owner from injecting arbitrary code into the phone number field of the device URL. This code could be used to send the AirTag finder to a phishing site or other malicious web page designed to collect credentials or steal personal information. This is what Rauch reported to Krebs.
In theory, a thug could then buy AirTags with the specific purpose of converting them into malicious Trojans, and leave them scattered around so that they can be picked up by an unsuspecting person and steal their sensitive data.
Rauch, who discovered the exploit, told Krebs that he contacted the company in June and that they ignored him for some time. For three months, the Cupertino OEM representatives simply told the researcher that they were "still investigating" his claims. Eventually, when Rauch reached out to Krebs last Friday, the company finally got back to the man and said Apple had plans to fix the bug in an upcoming update. They also asked him not to publicize his findings.
However, Rauch has now done just that, blogging about how the exploit works: “An attacker can create armed AirTags and leave them lying around, stalking innocent people who are simply trying to help a person find the lost AirTag. ".
Source: Gizmodo