After many years of waiting full of rumors of all kinds, Apple presented its AirTags during the “Spring Loaded” keynote in April last year. As a reminder, these are trackers that you can use to locate an object in order to avoid losing that object. When presenting AirTags, Apple wasted no time and quickly addressed the issues of data protection and data security. In particular, Cupertino said: “AirTags track objects, not people”.
Two AirTags were hacked two weeks after they were released
Despite Apple’s reassuring speech, it only took two weeks for Stack Smashing to break through the AirTags security system and change how it operated.
A quick demo created: AirTag with changed NFC URL 😎
(Cables are only used for power supply) pic.twitter.com/DrMIK49Tu0
– Stacksmashing (@ghidraninja) May 8, 2021
This veteran hacker managed to make two AirTags unusable, but also explains that he managed to change the link that was sent when an AirTag was scanned. This means all kinds of links can be sent, which can be useful for scams like phishing. Fortunately, the Stack Smashing demonstration is preventative, not malicious. The hacker could even get a reward for finding this vulnerability.
Apple like Tesla and various other companies have a reward program for people who manage to find vulnerabilities in their systems. Recently, Tesla paid $ 31,500 to two cybersecurity researchers who managed to take control of a Tesla Model X without touching it, simply by using a DJ Mavic 2 drone. This demonstration was conducted by Ralf-Philipp Weinmann, CEO of Kunnamon, and Benedikt Schmotzle, who runs Comsecuris, shows how careful you have to be when you have such a connected vehicle, and in this particular case AirTags …
Bitdefender Plus Antivirus