Apple AirTag hacked for the first time

A security researcher has posted a video claiming to show a hacked Apple AirTag device, which sports a modified Near Field Communication (NFC) URL.

Apple’s long-awaited location-tracking device was released last month. The button-sized wireless device is designed to be attached to often-misplaced possessions like keys. When you can’t remember where you left the AirTag’ed item, you can use your smartphone to make it emit a noise, making it easier to locate the item.

Even as some are finding nefarious uses for the device, one researcher has demonstrated how he managed to break into one and modified elements of the item tracker software.

TechRadar needs you!

We're looking at how our readers use VPN for a forthcoming in-depth report. We'd love to hear your thoughts in the survey below. It won't take more than 60 seconds of your time.

>> Click here to start the survey in a new window<<

We've put together a list of the best endpoint protection software
Take a look at these best malware removal software
Check our list of the best firewall apps and services

The German researcher, known as Stack Smashing, has posted a series of tweets claiming that was able to break into the microcontroller of the AirTag to re-flash it to do his bidding, all in a matter of hours.

Jailbroken AirTag

After gaining control over the microcontroller, the researcher tweaked the URL that appears within a notification when an AirTag in the Lost Mode is tapped on by an NFC-enabled device.

Instead of Apple’s Find My website, the researcher uses his hacked AirTag to spit out a different URL, which can reportedly be used for phishing or for delivering any kind of malware.

Since the researcher says the device can be reflashed, changing the NFC URL is perhaps just the first and the simplest demonstration of what bad actors can do with a jailbroken AirTag tracker.

But for what it’s worth, the process isn’t as straightforward as it sounds. The researcher admits to bricking two AirTags in order to break into the microcontroller.