Security Researcher Jailbreaks AirTag and Modifies its NFC URL – Video
The AirTag was announced at Apple's highly anticipated Spring Loaded event. While it has been mere days since launch a security researcher has hacked the accessory and modified the elements of the NFC URL for Lost Mode. It would not be wrong to coin that the hack allowed for an AirTag jailbreak. Scroll down to see more details on the scenario and whether there are more possibilities of the hack.
Hacker Jailbreaks AirTag to Modify the Elements of NFC URL - What are The Possibilities?
We recently covered that the Find My app on iPhone houses a Developer Mode for the AirTag, revealing plenty of details for what goes under the hood. Now, a German security researcher Stack Smashing has tweeted today that he was able to hack or jailbreak an AirTag (via The 8-bit). He broke into the AirTag's microcontroller and modified the elements of the accessory's software.
A microcontroller is an integrated circuit (IC) used for controlling devices usually via a microprocessing unit, memory, and other peripherals. According to AllAboutCircuits, “these devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components.”
With the AirTag jailbreak performed, we can presume that it can be used for other purposes. For instance, the video shared below opens up a non-related URL on the iPhone instead of directly taking the accessory to the Find My website. As of now, details regarding its utility are scarce and we will wait for the developer to tinker with the software.
You can check out the tweet below that carries the AirTag hack, comparing a normal and a modified version of the AirTag.
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021
In addition to this, it remains to be seen if Apple will be able to fix this using a software update. Since the AirTag hack or jailbreak leads the user to a random website, it can serve as a tool for phishing and more. Henceforth, we expect the company to note this and fix the exploit that leads the security researcher to a hack.
This is all there is to it, folks. What are your thoughts on the scenario? Do you think Apple will fix it with an update? Share your insights with us in the comments.