Apple's AirTag tracking beacon went on sale at the end of last month, and users have been experimenting with the gadget ever since. The greatest interest, however, is not in the fact that it can be embedded somewhere or discreetly planted for surveillance. It turns out that the AirTag can be hacked, as the German security researcher stacksmashing has demonstrated.
On Twitter, the researcher wrote that he was able to reflash the beacon's microcontroller, which let him change the URL shown in the notification when the tag is in Lost Mode.
As a result, when a smartphone scans a hacked AirTag, it displays a fake link that leads not to Apple's Find My page for lost devices but to another site. Attackers could use this for phishing.
Built a quick demo: AirTag with modified NFC URL 😎
It is worth noting that, for now, an AirTag can only be hacked by modifying the microcontroller's firmware, which requires physical access to the beacon. The search system itself does not contain any vulnerabilities. Perhaps Apple will take note and implement a protective mechanism that prevents a modified AirTag from accessing the Find My network.
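Because the modified tag differs from a genuine one only in the link it presents, the link itself is what a person or tool scanning a found tag can check. The sketch below is an added example, not code from the researcher or from Apple; it assumes genuine Lost Mode links use the host `found.apple.com` (not stated in this article), the function name is hypothetical, and the sample URLs are constructed.

```python
from typing import Tuple
from urllib.parse import urlsplit

# Assumption: genuine AirTag Lost Mode links point at this host.
EXPECTED_HOST = "found.apple.com"


def check_scanned_url(url: str) -> Tuple[bool, str]:
    """Return (trusted, reason) for a URL read from a tag's NFC record."""
    # Whitespace, control characters and backslashes are handled differently
    # by different URL parsers, so refuse them before parsing at all.
    if any(c.isspace() or ord(c) < 0x20 or c == "\\" for c in url):
        return False, "whitespace, control character or backslash in URL"
    try:
        parts = urlsplit(url)
        port = parts.port  # raises ValueError on a malformed port
    except ValueError as exc:
        return False, f"unparseable URL: {exc}"
    if parts.scheme != "https":
        return False, f"scheme is {parts.scheme!r}, expected 'https'"
    # "https://found.apple.com@other.example/" shows the trusted name first
    # but connects to other.example, so any userinfo part is rejected.
    if parts.username is not None or parts.password is not None:
        return False, "userinfo present before the host"
    # Exact match only: suffix or substring tests would accept look-alike
    # names such as found.apple.com.other.example.
    host = parts.hostname or ""
    if host != EXPECTED_HOST:
        return False, f"unexpected host {host!r}"
    if port not in (None, 443):
        return False, f"unexpected port {port}"
    return True, "host matches the expected Find My host"


if __name__ == "__main__":
    # Constructed sample URLs; the query parameters are placeholders.
    samples = [
        "https://found.apple.com/airtag?pid=constructed",
        "https://found.apple.com.phish.example/airtag?pid=constructed",
        "https://found.apple.com@phish.example/airtag",
        "http://found.apple.com/airtag",
        "https://f\u043eund.apple.com/airtag",  # Cyrillic 'o' in the host
    ]
    for sample in samples:
        print(check_scanned_url(sample), sample)
```
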