You knew it was just a matter of time before someone hacked Apple’s AirTags, but it might have happened sooner than you expected. 9to5Mac reports that security researcher Thomas Roth has already cracked the microcontroller for Apple’s item tracker, dumping its firmware and discovering that you can re-flash it for your own purposes.
Roth demonstrated the possibilities by modifying the NFC web address (the one that appears when you tap an AirTag) to his personal site. As you might guess, that raises the potential for hacked AirTags that send users to malware and phishing sites.
The practical threat to users are likelysmall. An attacker would have to obtain someone’s existing AirTag, modify it and place it such that an unsuspecting victim would find it and want to tap it. That’s also presuming that Apple doesn’t have a way to block modified AirTags, as 9to5 suggested. Still, this suggests you’ll want to have an up-to-date phone and a reasonable degree of caution before you tap any NFC-equipped tracker.
The hack may offer more potential to enthusiasts. You could point to websites that automatically launch certain apps, such as the App Store or Apple Music. That’s not including functionality beyond NFC. This concept isn’t new, but the likely ubiquity of AirTags could make it relatively popular.