Breaking into the microcontroller essentially meant being able both to research how the devices function (by analyzing the dumped firmware) and to reprogram them to do unexpected things. Stacksmashing demonstrated this by reprogramming an AirTag to pass a non-Apple URL while in Lost Mode.
Lost Mode gets a little more lost
When an AirTag is set to Lost Mode, tapping any NFC-enabled smartphone to the tag brings up a notification with a link to found.apple.com. The link allows whoever found the lost object to contact its owner, hopefully resulting in the lost object finding its way home.
After breaching the microcontroller, stacksmashing was able to replace the found.apple.com URL with any other URL. In the demonstration above, the modified URL leads to stacksmashing.net. By itself, this is pretty innocuous—but it could lead to an additional minor avenue toward targeted malware attacks.
Tapping the AirTag won’t open the referenced website directly—the owner of the phone would need to see the notification, see the URL it leads to, and elect to open it anyway. An advanced attacker might still use this avenue to convince a specific high-value target to open a custom malware site—think of this as similar to the well-known “seed the parking lot with flash drives” technique used by penetration testers.
AirTag’s privacy problems just got worse
AirTags already have a significant privacy problem, even when running stock firmware. The devices report their location rapidly enough—thanks to using detection by any nearby iDevices, regardless of owner—to have significant potential as a stalker’s tool.
It’s not immediately clear how far hacking the firmware might change this threat landscape—but an attacker might, for instance, look for ways to disable the “foreign AirTag” notification to nearby iPhones.
When a standard AirTag travels near an iPhone it doesn’t belong to for several hours, that iPhone gets a notification about the nearby tag. This hopefully reduces the viability of AirTags as a stalking tool—at least if the target carries an iPhone. Android users don’t get any notifications if a foreign AirTag is traveling with them, regardless of the length of time.
After about three days, a lost AirTag will begin making audible noise—which would alert a stalking target to the presence of the tracking device. A stalker might modify the firmware of an AirTag to remain silent instead, extending the viability window of the hacked tag as a way to track a victim.
Now that the first AirTag has been “jailbroken,” it seems likely that Apple will respond with server-side efforts to block nonstandard AirTags from its network. Without access to Apple’s network, the utility of an AirTag—either for its intended purpose or as a tool for stalking an unwitting victim—would become essentially nil.
Listing image by stacksmashing