The Airtags are the latest invention (not exactly original) of Apple and that allows us to always have any object located make it of special importance. For example, house or car keys, a purse, a coat, etc. All with the intention that in case of not finding it, these little gadgets do their job of recording their GPS position in the “Search” app.
Now, what would happen if all that location system that Apple has developed was left to nothing because of a small problem that affects the security of the device itself? That is what a German researcher has achieved, who in recent days has worked with the objective of demonstrating that we are facing a vulnerable system and it might not work properly.
Redirection to different URLs
These Airtags are effective thanks to their low latency bluetooth connectivity, which allows you to communicate with any device of the brand that passes by. We just have to tell one of these little devices that it is in lost mode, so that start sending distress signals (figuratively speaking) that can be heard by any iPhone, iPad, Mac, etc., on the planet: name, contact telephone number or any other data that the owner deliberately configures.
– stacksmashing (@ghidraninja) May 8, 2021
Then, these signal receivers are responsible for sending the notice and location to its owner through the system developed by Apple. In this way, it is possible to know where that Airtag isas well as its linked object. Now, what this researcher has shown is that one of these tags could be manipulated (flashing a microcontroller) so that the moment we activate the lost mode, the URL towards which it points is not the legitimate one that Apple enables, but another that could develop the pirate to receive the notification.
Anyway, to cause this problem it seems that physical manipulation of the Airtag is necessary, which reduces this risk of hacking to people of special relevance who could be subject to monitoring by international organizations. Because on second thought, do you think that someone could go to so much trouble to get hold of a small object that ordinary people are going to use with one of these Airtags? It looks like it doesn’t. Although it would not be bad for Apple to take action on the matter and reduce the risks to zero.