According to a German security researcher, “Stack Smashing” tweeted how he managed to “penetrate the world” Microcontroller of AirTag. “This allowed him to re-flash the microcontroller which allowed them to change elements of the item tracker software.
The microcontroller is an integral part of the integrated circuit (IC) used to control devices. This essentially means that if a hacker gets access to the microcontroller, they can control and control what the device is supposed to do.
A quick demo created: AirTag with changed NFC URL 😎 (cables are only used for power supply) https://t.co/DrMIK49Tu0
– Stacksmashing (@ghidraninja) 1620514726000
In this particular case, the hacker was able to tweak the URL that appears in a notification when an AirTag is enabled in lost mode. It also shows how an unhacked AirTag redirects to the Find My website, while the modified AirTag redirects to an unrelated URL that could lead to phishing. However, the extent is currently unclear.
For now, we’ll have to wait and see how the Cupertino-based tech giant can block this type of modification.
AirTag was unveiled last month at the company’s first event in 2021. New iPad and iMac models and their accessories were also presented there, a purple color variant of the iPhone 12 and the iPhone 12 mini.
In India, the AirTag costs Rs 3,190 for a single piece and can be purchased in packs of four for Rs 10,900.