How secure are Apple AirTags? Everything about tracking, hacks & phishing


Shortly after the initial euphoria surrounding the Apple AirTags, reports about hacking attacks, phishing, and other unsavory acts followed. This is only natural, and the obvious question arises: can people be tracked via these mini-tracers? NextPit decided to answer all of the important security concerns surrounding Apple’s trackers.
In our articles about Apple’s AirTags, one question kept popping up: Can’t someone just plant these tiny trackers on me and use them to track me? It is a fair question, as you do that to track the location of lost items to within a few feet via the “Where is?” network.

In addition to such concerns, other news sources also reported on hacking attacks, phishing, and cracked NFC codes shortly after the release of the AirTags. Therefore, we would like to address these concerns to provide you with peace of mind after purchasing the Apple AirTags. But let’s begin with the most obvious question.

Can you track people with AirTags?

The AirTags are about the size of a half-dollar coin. As a result, many of you have expressed concern that people might just toss these trackers into your backpack without your knowledge. Using the “Where is it?” network and other countless Apple devices that are located worldwide, you and your tracker could theoretically be tracked down to within a few meters.

As Apple revealed to YouTuber Rene Ritchie, there are two basic preventive measures against this. The first one takes effect if you yourself are an iPhone user. If an AirTag is within range of an iPhone that is not linked directly to it, you will receive a notification. You could then make a subtly planted AirTag beep and simply remove the battery.

If you use an Android smartphone instead, you won’t be able to see this notification. This is where the second security fail-safe kicks in. If an AirTag is out of range of a paired device for three days, a warning signal will sound. Using the NFC function on your smartphone, you can even check which account the tracker is connected to.

So it would be stupid to track someone using an AirTag. This is because the police would have a pretty easy time to track you down for such a crime due to the stored NFC information.

Stalking Android users is theoretically possible

Even though it’s a pretty stupid thing to do, Curved Magazine hints at another interesting scenario: If someone wraps the AirTag in a few layers of fabric or places it in a fairly soundproof case, it could be rather easy to miss the warning sounds. This procedure can be traced to a Washington Post journalist who tested the trackers out this way.

First and foremost, he mentioned that the long period of which the AirTags remain silent is critical – remember the three-day window? After that, he said, the AirTags will be rather quiet at a volume of 60 decibels, and the warning beep will only sound for 15 seconds every few hours. Even if such security concerns are justified, I wonder why an AirTag of all things could be abused in such a manner.

NextPit Apple AirTag 13
Your iPhone shows you where the AirTags are. Unfortunately, this is not the case on Android / © NextPit

A few years ago, I wrote a series of articles about smartphone tracking. With the right app and paid providers, it was even possible to access the GPS module of smartphones, the video camera, or the microphone. In short, if you want to wantonly track other people while committing a crime, tracking the phone is far easier.

Has Apple’s AirTags really been hacked?

But what if someone could simply exchange the NFC information and also disable the built-in security mechanism? That is a valid question from the very moment the first AirTag was hacked. The short answer: yes. A hobbyist managed to gain access to the tracker’s microcontroller.

In order to do this, he opened an AirTag and changed the stored URL that the gadget transmits when reading the NFC chip. This is critical as phishing websites or fake Apple pages could also be stored here. The conceivable scenarios are all too cumbersome to make the hacking effort worthwhile.

To hack your AirTags, an attacker would first have to steal them, take them apart, solder the relevant cables, hack the software, and reassemble it. If someone wanted to lure you to a phishing site via an AirTag, they would have to hope that someone would find the lost tracker and then scan it.

While the latter scenario is certainly possible, it doesn’t seem to be particularly worth the effort. Especially when it comes to phishing, emails or SMS are far more profitable as a lure than distributing paid AirTags.

As mentioned by the editor of the German website Computerbild, Apple is also already working on an update to close the security loophole. A hobbyist normally opens and hacks new devices to gain their 15 minutes of fame. At the same time, of course, it’s cool to show Apple that their supposedly secure devices aren’t 100% secure after all.

Can someone steal my AirTag and connect it to their iPhone?

If you lost an AirTag or your keychain was found without the tracker, that is, of course, a tragedy! But swiping one of Apple’s item trackers isn’t particularly purposeful. Because when you first set it up, the serial number printed on the case, among other things, is linked to your Apple ID.

NextPit Apple AirTag 1
Apple’s AirTag requires accessories to fit on keychains. / © NextPit

By pairing it to your account, an AirTag can’t be easily connected to another iPhone, so stealing the $29 accessory isn’t really worth it. Since your account information is also stored in the NFC tag itself, it’s also pretty easy to track down the original owner. There isn’t much to worry about theft here.

AirTags a danger for children?

Not to forget the security aspect, here is an interesting story from Australia. According to Gizmodo, an Australian retail chain has taken the AirTags off their retail shelves because the cell battery is too easy to remove. The rotating mechanism was found to be too unsafe and children could swallow the cell battery inside.

In the US and Europe, testers don’t seem to have worried about this, but of course you shouldn’t give your kids an AirTag as a toy, as it is small enough to be swallowed. Also, to track the gadget’s position in its own body after swallowing an AirTag and locating it with the U1 chip is not something I recommend.

What are your thoughts on the safety concerns of AirTags? Do you carry these tracking devices with a clear conscience or are you afraid of being tracked? Let us know in the comments!



Source link

Leave a Reply