[German]A German security researcher has managed to break into the firmware of Apple's AirTag controller, dump it and then manipulate it after a few attempts. This allowed the security researcher to display a YouTube video on the phone to users trying to read an AirTag. Here is some information on this issue.
Advertising
What is an Apple AirTag?
The AirTag is a tracking device developed by Apple that was announced and unveiled at an event on April 20, 2021. The AirTag is supported on all devices running iOS/iPadOS 14.5 or later and has been available since April 30, 2021. AirTag works like a key finder: It helps find keys and other items using ultra-wideband (UWB) technology. By using the built-in U1 chip in iPhone 11 or later, users can locate items via UWB with "Accurate Search". Sounds good, as long as the AirTag can't be modified.
The AirTag hack
A German security researcher with the alias stacksmashing has published the results of his field research in a series of tweets on Twitter under the name @ghidraninja.
After he was successful in reading the firmware, he was able to modify it and flash the micro-controller on the AirTag with new firmware. This allows him to change the functionality of the AirTag.
Advertising
A video with a demo can be accessed via the above tweet. In the right AirTag, the "found.apple.com" URL is opened in the original AirTag. The left AirTag with the cables has been modified. There, the demo opens the website stacksmashing.net, which opens the door to misuse. The security researcher shared another video via this tweet, where the AirTag scanned via smartphone opens and plays a YouTube video. A more detailed description of this hack can be found at the8-bit.com.
