A New AirTags Hack Leads to a Malicious Site Instead of the Return to Owner Page

Apple AirTag Key Ring attached to car keys
Justin Duino

Apple AirTags arrived with much fanfare (and some trepidation). We’ve already seen teardowns, drill hacks, and even hide-and-seek games. But now a security researcher proved it’s possible to hack an AirTag and change it to display custom sites when phones scan its NFC tag.

That bit might not seem like a big deal, but it’s important to remember how AirTags work when you don’t have an iPhone. If you happen upon an AirTag and you’re an Android user, you can tap it with NFC to open Apple’s return page. Hopefully, as a Good Samaritan, you’ll assist in returning the device.

But with a custom-loaded site, a bad actor could theoretically trick a well-meaning person into scanning a tag and opening a malicious site. That could lead to devastating results, especially if the phone in question isn’t fully up to date.

As spotted by The 8-Bit, security research “stacksmashing” posted the proof of concept on Twitter. He managed to break into the AirTag’s microcontroller, and reflash the device to change its NFC website information.

Now the current proof of concepts are hardly end of world demonstrations. AirTags are hard to get ahold of at the moment, and they’re not super cheap. It’s a lot of effort and money to spend, only to take the chance that someone wouldn’t just pocket the device, or use NFC tap to access the site. But it’s still worrying nonetheless, and might make you think twice about scanning that errant AirTag you found on the street. Which doesn’t help Apple’s promise to retrieve your missing AirTag in the long run.

via The 8-Bit

Josh Hendrickson Josh Hendrickson
Josh Hendrickson has worked in IT for nearly a decade, including four years spent repairing and servicing computers for Microsoft. He’s also a smarthome enthusiast who built his own smart mirror with just a frame, some electronics, a Raspberry Pi, and open-source code. Read Full Bio »

The above article may contain affiliate links, which help support Review Geek.


Our Readers' Favorite Products This Week





















Show More