A New AirTags Hack Leads to a Malicious Site Instead of the Return to Owner Page
Stealth Cam Durable Sol-Pak Solar Battery Pack, 12V Solar Power Panel, Rechargeable Battery & 10ft Insulated Cable, Compatible with All Wireless/Cellular Trail Cameras - 5000 mAh
30% OffVictron Energy SmartSolar MPPT Solar Charge Controller (Bluetooth) - Charge Controllers for Solar Panels - 100V, 30 amp, 12/24-Volt
Now a security looked into proved its possible to hack an AirTag and alter it to show custom-made sites when phones can its NFC tag.
If you occur upon an AirTag and youre an Android user, you can tap it with NFC to open Apples return page. Which does not assist Apples promise to retrieve your missing out on AirTag in the long run.
Constructed a fast demo: AirTag with customized NFC URL.
( Cables just used for power) pic.twitter.com/DrMIK49Tu0.
— stacksmashing (@ghidraninja) May 8, 2021.
Its still worrying however, and may make you believe twice about scanning that errant AirTag you discovered on the street. Which does not help Apples guarantee to obtain your missing out on AirTag in the long run.
by means of The 8-Bit.
Justin Duino
Apple AirTags arrived with much excitement (and some uneasiness). Weve currently seen teardowns, drill hacks, and even hide-and-seek video games. Now a security researched showed its possible to hack an AirTag and alter it to show custom-made sites when phones can its NFC tag.
That bit may not look like a big offer, however its crucial to keep in mind how AirTags work when you do not have an iPhone. If you discover an AirTag and youre an Android user, you can tap it with NFC to open Apples return page. Ideally, as a Good Samaritan, youll help in returning the device.
With a custom-loaded website, a bad actor could in theory trick a well-meaning person into scanning a tag and opening a harmful website. That could cause destructive results, particularly if the phone in concern isnt fully as much as date.
As found by The 8-Bit, security research study “stacksmashing” posted the proof of concept on Twitter. He handled to get into the AirTags microcontroller, and reflash the gadget to change its NFC site details.