Apple’s AirTag has only been out for around a week, but it’s already been hacked.
A German cyber security researcher cracked the AirTag’s microcontroller, the tiny integrated circuit that controls the device.
The AirTag, a small locator that retails for $29, can help you find your car keys or anything else it’s attached to. Normally, when you use your phone to find an AirTag, your phone opens in the “Find My” website at found.apple.com to initiate the “Lost Mode” process. However, the researcher found he could redirect the microcontroller to his personal website instead.
Security researcher Thomas Roth, who goes by the name Stack Smashing, posted a video of the process to Twitter, and wrote: “After hours of trying (and bricking 2 AirTags) I managed to break into the microcontroller of the AirTag."
This means hackers could potentially direct hacked AirTags to phishing or malware sites, and it remains to be seen whether Apple will implement some mechanism to block this sort of attack.
Although this sounds alarming, the tech review website SlashGear cautions that even if a hacker can reprogram an AirTag, “the process and the end result might not yet be worth the worry.”
RELATED RESOURCE
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email security
“The security researcher hasn’t disclosed yet the process but he admits bricking at least two AirTags to get there,” SlashGear noted. “Unless the tracker’s firmware can be modified remotely over the air, the only way you’ll get a hacked AirTag would be if you acquired it through other parties.”
As always, there are proactive ways to avoid falling victim to phishing and malware campaigns like this. When you navigate to a site, always verify the URL looks exactly as you expect. Many times, these spoofed sites will have one character off or a different domain extension.
If you see anything suspicious in the link, close the browser, open a fresh browser and navigate to your target site by typing it manually into the URL bar.
-
Should AI PCs be part of your next hardware refresh?AI PCs are fast becoming a business staple and a surefire way to future-proof your business
-
Westcon-Comstor and Vectra AI launch brace of new channel initiativesNews Westcon-Comstor and Vectra AI have announced the launch of two new channel growth initiatives focused on the managed security service provider (MSSP) space and AWS Marketplace.
-
Why the Space Force wants white hats to attack a satelliteCase study Authorities hope the first-of-its-kind competition could bring benefits to the cyber sector
-
OpenAI to pay up to $20k in rewards through new bug bounty programNews The move follows a period of unrest over data security concerns
-
New ‘DarkBit’ ransomware gang shuts down Technion, demands $1.7 million ransomNews A politically charged ransom note suggests DarkBit are one of the newest hacktivist gangs to emerge in recent months
-
Research: Luxury cars and emergency services vehicles vulnerable to remote takeoverNews A "global API issue" has been highlighted through months-long research into brands such as Ferrari and Mercedes-Benz, leaving owners open to hacking, account takeovers, and more
-
Podcast transcript: Meet the cyborg hackerIT Pro Podcast Read the full transcript for this episode of the IT Pro Podcast
-
The IT Pro Podcast: Meet the cyborg hackerIT Pro Podcast Resistance is futile - offensive biotech implants are already here
-
SpaceX bug bounty offers up to $25,000 per Starlink exploitNews The spacecraft manufacturer has offered white hats immunity to exploit a wide range of Starlink systems, with a dedicated report page
-
Nomad happy to forgive hackers if they return 90% of $190 million that was stolenNews The crypto bridge is offering 'white hat hackers' a 10% bounty following the attack earlier this week
