Apple announced the release of its latest version of mobile operating system (iOS 14.5), which will include one of the company’s most expected features, allowing users greater transparency in app tracking and support for the new AirTag. This is a small device that can be equipped to personal items such as keys, wallets or luggage, sending messages periodically to track your location, allowing you to find lost items through your mobile app.
Since its release was announced and its functions described, many cybersecurity specialists noted that an AirTag could be abused by threat actors, and that its description as an expression of crowdsourcing for the recovery of lost items also seems troubling.
While Apple claims it has implemented a number of security measures to prevent hackers from using an AirTag to spy on users, experts mentioned that these measures are relatively easy to bypass.
A recent experiment showed that one of these devices can be placed in an unsuspecting user’s belongings and none of the security measures will be triggered when connected to an attacker’s smartphone. This could allow criminals to follow in the footsteps of a target user for up to three days in a row.
Another worrying fact is that it is possible to disable security alerts, not to mention the fact that there are more and more devices of this kind around us, which will certainly make people take the alerts sent by an AirTag less seriously.
The most troubling issue about AirTag is its mechanisms to protect against malicious hacking. A couple of months ago, Stack Smashing’s experts managed to hack an AirTag driver to modify its firmware and make the device do different things from the ones it was designed for.
The most troubling issue about AirTag is its mechanisms to protect against malicious hacking. A couple of months ago, Stack Smashing’s experts managed to hack an AirTag driver to modify its firmware and make the device do different things from the ones it was designed for.
This attack could allow hackers to redirect a user to some malicious website, although this process is not as simple as it sounds. Experts mention that the only way to modify the firmware is to have remote access to the affected devices, since at the moment it seems impossible to modify the firmware of the device remotely.
However, specialists mention that this attack is very complex and does not really represent any benefit, so it may not be worth compromising an Apple AirTag for hackers.
To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.
He is a cyber security and malware researcher. He studied Computer Science and started working as a cyber security analyst in 2006. He is actively working as an cyber security investigator. He also worked for different security companies. His everyday job includes researching about new cyber security incidents. Also he has deep level of knowledge in enterprise security implementation.