AirTag, the Bluetooth tracker launched by Apple only 10 days ago, has already been accessed and modified without authorization, writes news.ro.
A German researcher managed to access and modify both the microcontroller used by AirTag and the tracking software that runs on the device.
The “breaking” of AirTag is comparable to a jailbreak on iPhones. Once they gain access to the software, an attacker can change the behavior of the product and its functions.
The German researcher chose to change the NFC URL to demonstrate the vulnerability that AirTag suffers from.
Normally, when an object to which an AirTag has been attached is placed in “Lost Mode” (it is declared lost), the URL opens the Find My application, to make it easier to locate the object on the map.
However, with access to the software used by the AirTag, a hacker can change the URL so that it leads to another website. For example, it can send the user to a site that asks for their personal data, in a phishing attempt.
Apple has not yet responded to the release of this information, but it is expected to come up with a patch or a server-level limitation as soon as possible.