Apple's new AirTags have been hacked — but not in any way that you need to worry about.
- AirTag anti-stalking measures tested — and they're not good enough
- AirTag vs. Tile: How Apple’s key finder compares
- Plus: iPhone 13 leaks add up to a lot of meh — except for one upgrade
When he put the AirTag in "Lost Mode" and pointed his iPhone at it, the phone's browser was sent to Roth's own website instead of Apple's Find My website.
Built a quick demo: AirTag with modified NFC URL 😎(Cables only used for power) pic.twitter.com/DrMIK49Tu0May 8, 2021
Later, Roth changed it so that the hacked AirTag Rickrolled him:
Be careful when scanning untrusted AirTags or this might happen to you😆 pic.twitter.com/LkG5GkvR48May 9, 2021
What are the dangers of this AirTag hack?
There aren't many.
But that wouldn't deliver much bang for the buck, unless you had a specific high-value person as your target. Roth said he bricked two of the devices before getting it right with the third; Because AirTags costs 35 euros ($42 in U.S. dollars) apiece in Germany, or 119 euros for a pack of four, Roth is already out more than $100.
Would it be possible to possibly hack an AirTag via Bluetooth?
Maybe, but that's not what Roth did. He broke open an AirTag, removed its circuit board and soldered wires to various points on the board until he got something that worked.
He hasn't yet given out the details of how he did it, but knowledgeable hardware hackers might be able to get a head start on replicating his results just by looking at the images Roth posted on Twitter.
Yesss!!! After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag! 🥳🥳🥳/cc @colinoflynn @LennertWo pic.twitter.com/zGALc2S2PhMay 8, 2021
Would it be possible to hack an AirTag so that you could track other people secretly?
You might be able to, especially if you could disable the speaker or modify the firmware so that the AirTag couldn't emit its warning chirps, which start after the AirTag has been out of range of its paired iPhone for three days.
But frankly, it's already pretty easy to track other people secretly using an AirTag, especially people who don't carry up-to-date iPhones.
So what's the point of hacking an AirTag then?
To be able to say that you're the first to hack a new device. This really is what motivates many hackers, whether they're good, bad or otherwise.
And with that it’s time for me to get some sleep :) This was a ton of fun!(Also, can I now claim I was first to “hack” an Apple device?!)May 8, 2021
Get the BEST of Tom’s Guide daily right in your inbox: Sign up now!
Upgrade your life with the Tom’s Guide newsletter. Subscribe now for a daily dose of the biggest tech news, lifestyle hacks and hottest deals. Elevate your everyday with our curated analysis and be the first to know about cutting-edge gadgets.
Paul Wagenseil is a senior editor at Tom's Guide focused on security and privacy. He has also been a dishwasher, fry cook, long-haul driver, code monkey and video editor. He's been rooting around in the information-security space for more than 15 years at FoxNews.com, SecurityNewsDaily, TechNewsDaily and Tom's Guide, has presented talks at the ShmooCon, DerbyCon and BSides Las Vegas hacker conferences, shown up in random TV news spots and even moderated a panel discussion at the CEDIA home-technology conference. You can follow his rants on Twitter at @snd_wagenseil.