All it takes is a little knowledge and a little creativity to change the new obvious Apple AirTags as a spy device directly from the movie James Bond. The motherboard has reported how several hackers, some acting out of sheer curiosity, managed to break into Apple’s new device and change its purpose completely.
In some examples, hackers have even shown how AirTags could be turned into potentially harmful devices – although there is no evidence yet of using such tactics in nature.
AirTags are basically Apple buttons that users can attach to various items and track their movement. The devices were unveiled earlier this year after months of speculation and could be a huge potential earner for Apple.
When he published a YouTube video of his methods, hardware researcher Colin O’Flynn showed how he captured AirTag and got it to send a malicious URL to an iPhone.
“AirTags are shipped in a state where you can’t access the internal processor / microcontroller because they locked debugging interfaces during manufacturing,” another researcher Thomas Roth revealed. “I was able to reactivate the debugging interface and remove the firmware from AirTag.”
In a separate study, Fabian Bräunlein of Positive Security was able to send arbitrary data to nearby Apple devices via the Find My protocol. In a blog post, Bräunlein said it was possible to send arbitrary information by falsifying many AirTag tags and encoding information in which AirTag was active. He then got the device to download the data according to its location.
Bräunlein believes that this approach could be used to turn a device into a communication device.
“I was curious if Find My’s Offline Finding Network (ab) could be used to download arbitrary data to the Internet from devices that aren’t connected to WiFi or the mobile Internet,” Bräunlein told the motherboard.
While he praised Apple’s work, saying it was “cryptographically well designed,” he added that the company could “limit the potential for abuse” by changing the design.