Sign In

Communications of the ACM

ACM TechNews

Security Researcher Successfully Jailbreaks Apple AirTag


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
A dissasembled AirTag.

German security researcher stacksmashing was able to break into the microcontroller of Apple's new AirTag object-location product.

Credit: stacksmashing

German security researcher stacksmashing was able to break into, dump, and reflash the microcontroller of Apple's AirTag object-location product.

As a result, the researcher was able to analyze the dumped firmware to determine how the device functions.

Tapping any Near-Field Communication-enabled smartphone to an AirTag set to Lost Mode generates a notification with a link to found.apple.com so users can contact the owner of the lost object.

stacksmashing was able to reprogram the AirTag to generate a non-Apple URL while in Lost Mode, a vulnerability that an advanced attacker potentially could exploit to get high-value targets to open a custom malware site.

Apple is expected to respond to the first "jailbroken" AirTag with server-side efforts to block nonstandard AirTags from its network.

From Ars Technica
View Full Article

 

Abstracts Copyright © 2021 SmithBucklin, Washington, DC, USA


 

No entries found