A security researcher was able to hack, or rather jailbreak, his way into the AirTag. The researcher was able to change its internal working and was able to modify its NFC URL to a custom URL.
German security researcher and YouTuber Stack Smashing was able to hack his AirTag by reverse-engineering its Integrated Chip controller (IC). As shared in a Tweet, the researcher said he was able to get a custom firmware running on his AirTag by flashing his own software onto AirTag’s motherboard.
If you’re unaware, an Integrated Chip controller is, essentially, the brain of all electronics. These controllers manage the functions of the electronics and tell them what to do and when to do. The German researcher was able to flash a custom firmware on AirTag, thus gaining control over its IC and therefore its functioning.
Built a quick demo: AirTag with modified NFC URL 😎
(Cables only used for power) pic.twitter.com/DrMIK49Tu0
— stacksmashing (@ghidraninja) May 8, 2021
To demonstrate this, he tweaked the URL that appears when an AirTag in the Lost Mode comes near an iPhone that is not paired with it. Normally, an AirTag in the Lost Mode would take you to the found.apple.com website with the details of the owner. In this case, he was able to change this URL to his own website — stacksmashing.net.
This is one of the early demonstrations that the researcher could achieve. By using a modded firmware, one can potentially unlock even more of the capabilities of the AirTag, like displaying correct battery percentage, changing its sounds, and more.
It’s unclear as of now what security measures Apple has in place to avoid this from happening, though they could prevent this from happening with the next AirTag firmware update.
Over the past few days, we’ve learned that the AirTag has a hidden developer mode, it’s possible to track your shipments using AirTag, and that AirTag makes it frighteningly easy to stalk someone. However, jailbreaking AirTag could unlock even more functionalities.
Have you grabbed an AirTag yet? Are you planning on buying an AirTag? Let us know in the comments section below!