Apple AirTag jailbroken already – hacked in rickroll attack - Naked Security
May 11, 2021

Apple recently announced a tracking device that it calls the AirTag, a new competitor in the “smart label” product category.

Unlike their last-millennium sonic counterparts, however, modern tracking tags come with loads more functionality, and therefore present a correspondingly greater privacy risk.

Armed with wireless connectivity in the form of Bluetooth and NFC, modern tags don’t just respond neutrally with a beep-beep-beep when you send them an audio signal and they’re within range.

Products like the AirTag also announce themselves with regular Bluetooth beaconing transmissions, just like your phone does when it’s in discoverable mode.

To stop your tags being used as a permanent tracking tool for anyone who’s stalking you, the Bluetooth identifier swaps itself around every few minutes, like the Bluetooth beacons used in the Apple-and-Google privacy-preserving “exposure notification” interface that was introduced for coronavirus infection tracking.

(We don’t have an AirTag to practise with, but apparently you can choose to reveal personal information such as a phone number via the tracking URL, but we assume that nothing about your identity is revealed by default, so that lost items can be reported anonymously.)

According to reports, another researcher who goes by @ghidraninja on Twitter (Ghidra is a well-known reverse engineering toolkit from the US National Security Agency) has now used this power glitch trick to “jailbreak” an AirTag.

The hack, so far, is a proof of concept (PoC) rather than a dangerous attack: @ghidraninja modified the server name found.apple.com inside the firmware so that a “lost” AirTag would misdirect an inquisitive iPhone not to Apple’s legitimate site….

Of course, there’s still the risk of someone using a booby-trapped AirTag as a lure to trick Good Samaritan iPhone users into visiting a fake URL and giving themselves away…
