Security researcher Stack Smashing said that he was able to break into the microcontroller of the Apple AirTag and modified elements of the item tracker software.
AppleAAirTag is a small iPhone accessory that helps keep track of and find the items that matter most with Apple’s Find My app.
Apple ensures high levels of security built into its products, which has led to the new AirTags becoming a target for security researchers, AppleInsider reported.
The security researcher made firmware dumps and eventually discovered the microcontroller could be reflashed after a few hours and the destruction of multiple tags in the process.
The researcher proved it was possible to alter the programming of the microcontroller, to change how it functions.
An initial demonstration showed an AirTag with a modified NFC URL that, when scanned with an iPhone, displays a custom URL instead of the usual “found.apple.com” link.
The research shows that it takes a lot of know-how and effort to hack AirTag in the first place.
During a demonstration video, the modified AirTag is shown attached to cables, which are claimed to provide just power to the device.
Given that AirTag relies on the secure Find My network for its Lost Mode to function, Apple would roll out some form of server-side defense against any maliciously modified versions.
A hidden debug mode has been found in AirTag, providing developers with more information than users would normally need about the device’s hardware.