Security researcher jailbreaks AirTag and changes its NFC URL
The AirTag was announced at Apple’s highly anticipated Spring Loaded event. Although a few days have passed since the launch, a security researcher hacked into the accessory and changed the NFC URL elements for Lost Mode. It wouldn’t be wrong to say that the hack enabled an AirTag jailbreak. Scroll down to see more storyline details and if there are more hacking possibilities.
Hacker Jailbreaks AirTag to Change NFC URL Elements – What are the Possibilities?
We recently explained that the Find My app on iPhone hosts a developer mode for the AirTag, revealing plenty of details about what’s going on under the hood. Now a German Stack Smashing security researcher has tweeted today that he was able to hack or jailbreak an AirTag (via The 8 bit). He broke into the AirTag’s microcontroller and modified elements of the accessory’s software.
A microcontroller is an integrated circuit (IC) used to control devices usually through a microprocessor unit, memory, and other peripherals. According to AllAboutCircuits, “These devices are optimized for embedded applications that require both processing functionality and agile, responsive interaction with digital, analog, or electromechanical components.”
With the AirTag jailbreak done, we can assume it can be used for other purposes. For example, the video shared below opens an unlinked URL on the iPhone instead of taking the accessory directly to the Find My website. For now, details regarding its usefulness are scarce, and we’ll wait for the developer to tinker with the software.
You can check out the tweet below which contains the AirTag hack, comparing a normal version and a modified version of the AirTag.
Creating a quick demo: AirTag with modified NFC URL 😎
(Cables used only for power supply) pic.twitter.com/DrMIK49Tu0
— stack (@ghidraninja) May 8, 2021
On top of that, it remains to be seen if Apple will be able to fix this issue with the help of a software update. Since the AirTag hack or jailbreak leads the user to a random website, it can serve as a phishing tool and more. Now we expect the company to note it and fix the exploit that leads the security researcher to a hack.
That’s all there is to it, folks. What do you think of the script? Do you think Apple will fix this issue with an update? Share your ideas with us in the comments.